A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network.
References
Link | Resource |
---|---|
https://forums.ivanti.com/s/article/CVE-2023-41724-Remote-Code-Execution-for-Ivanti-Standalone-Sentry | Patch Vendor Advisory |
Configurations
History
01 Apr 2024, 15:31
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
CPE | cpe:2.3:a:ivanti:standalone_sentry:*:*:*:*:*:*:*:* | |
First Time |
Ivanti standalone Sentry
Ivanti |
|
References | () https://forums.ivanti.com/s/article/CVE-2023-41724-Remote-Code-Execution-for-Ivanti-Standalone-Sentry - Patch, Vendor Advisory | |
CWE | CWE-77 |
31 Mar 2024, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-03-31 02:15
Updated : 2024-04-01 15:31
NVD link : CVE-2023-41724
Mitre link : CVE-2023-41724
CVE.ORG link : CVE-2023-41724
JSON object : View
Products Affected
ivanti
- standalone_sentry
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')