CVE-2023-41724

HIGH EXPLOITED

Ivanti Standalone Sentry < 9.19.0 - Unauthenticated Remote Code Execution

Title source: llm

Exploitation Summary

CVE-2023-41724 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network.

References (1)

Core 1

Core References

Patch, Vendor Advisory

https://forums.ivanti.com/s/article/CVE-2023-41724-Remote-Code-Execution-for-Ivanti-Standalone-Sentry

Scores

CVSS v3 8.8

EPSS 0.0630

EPSS Percentile 91.1%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

VulnCheck KEV 2024-05-14

CWE

CWE-94 CWE-77

Status published

Products (1)

ivanti/standalone_sentry < 9.19.0

Published Mar 31, 2024

Tracked Since Feb 18, 2026