MobileIron under active attack, admins warned to update

Ivanti is warning of attacks on its MobileIron platform due to improper handling of APIs

Ivanti is warning users to update Ivanti Sentry following the disclosure of a critical security vulnerability.

The company said that customers running MobileIron Sentry should be on the lookout for attacks against CVE-2023-38035. Versions 9.18 and prior are considered vulnerable.

According to Ivanti, the vulnerability is the result of a failure to properly block off access to APIs, which allows an attacker to bypass security protections. Administrators are being advised to update their installations as soon as possible.

The vulnerability has been given a CVSS rating of 9.8, indicating a potentially serious security risk, though Ivanti says those fears might be overblown depending on system configuration.

In the worst case, Ivanti says that an attacker could exploit the flaw to change system configurations in the system manager portal.

"If exploited, this vulnerability enables an unauthenticated actor to access some sensitive APIs that are used to configure the Ivanti Sentry on the administrator portal. While the issue has a high CVSS score, there is a low risk of exploitation for customers who do not expose port 8443 to the internet," Ivanti said.


"Successful exploitation can be used to change configuration, run system commands, or write files onto the system. Ivanti recommends that customers restrict access to MICS to internal management networks and not expose this to the internet."

The vulnerability was serious enough that Ivanti is recommending customers block port 8443 from external access. The company is also posting scripts to help block access to the vulnerable components.
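As an added illustration (not Ivanti's scripts and not part of the original article), the Python sketch below audits an inventory of Sentry hosts against the two conditions described above: a version in the affected range and port 8443 reachable from outside the management network. The inventory format, host names, version strings, and management CIDRs are all constructed assumptions.

```python
import ipaddress

MICS_PORT = 8443         # admin portal port named in Ivanti's statement
LAST_AFFECTED = (9, 18)  # "Versions 9.18 and prior" per the article
# Assumption: the operator's internal management networks.
MGMT_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "192.168.50.0/24")]

# Constructed inventory (hypothetical format): host, Sentry version string, and
# the source CIDRs the firewall allows per TCP port. Versions are sample values.
INVENTORY = [
    {"host": "sentry-a", "version": "9.18.0", "allow": {8443: ["0.0.0.0/0"], 443: ["0.0.0.0/0"]}},
    {"host": "sentry-b", "version": "9.16.1", "allow": {8443: ["10.20.0.0/24"], 443: ["0.0.0.0/0"]}},
    {"host": "sentry-c", "version": "9.18.0", "allow": {8443: ["10.20.0.0/24", "198.51.100.0/24"]}},
    {"host": "sentry-d", "version": "10.0.0", "allow": {443: ["0.0.0.0/0"]}},
]

def in_affected_range(version):
    """True if major.minor is 9.18 or earlier."""
    major, minor = (int(p) for p in version.split(".")[:2])
    return (major, minor) <= LAST_AFFECTED

def outside_mgmt(cidrs):
    """Return the allowed sources that are not inside a management network."""
    bad = []
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr, strict=False)
        # subnet_of() raises on mixed IPv4/IPv6, so compare versions first.
        if not any(net.version == m.version and net.subnet_of(m) for m in MGMT_NETS):
            bad.append(cidr)
    return bad

def audit(inventory):
    """Map each host to (recommended action, offending source CIDRs)."""
    findings = {}
    for item in inventory:
        exposed = outside_mgmt(item["allow"].get(MICS_PORT, []))
        affected = in_affected_range(item["version"])
        if affected and exposed:
            status = "update and restrict"
        elif affected:
            status = "update"
        elif exposed:
            status = "restrict"
        else:
            status = "ok"
        findings[item["host"]] = (status, exposed)
    return findings

if __name__ == "__main__":
    for host, (status, exposed) in audit(INVENTORY).items():
        print(f"{host}: {status} {exposed}")
```

The version check reflects only the affected range stated in the article; it cannot tell whether a vendor fix has already been applied to a host in that range.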

Ivanti noted that the flaw was isolated to MobileIron Security and does not affect its other offerings such as EPMM, MobileIron Cloud or Ivanti Neurons for MDM.

Ivanti's warning comes as a number of new security flaws are being disclosed in the wake of the Black Hat and DEF CON security conferences. Researchers took to the Las Vegas gatherings and disclosed a number of previously unknown security issues.