CVE-2023-38035
A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- July 12, 2023
- Published Date
- August 21, 2023
- Last Updated
- February 13, 2025
- Vendor
- Ivanti
- Product
- MobileIron Sentry
- Description
- A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.
- Tags
- Exploitation
- active
- Automatable
- Yes
- Technical Impact
- total
CVSS Scores
CVSS v3.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SSVC Information
References
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2023-08-22 00:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/ivanti_sentry_misc_log_service.rb | 2025-04-29 11:01:13 UTC |
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-38035.yaml | 2025-04-26 00:00:00 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
ivanti_sentry_misc_log_service
Type: metasploit • Created: Unknown
horizon3ai/CVE-2023-38035
Type: github • Created: 2023-08-23 17:34:36 UTC • Stars: 39
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Exploit Used in Malware
-
Added to KEVIntel
-
Proof of Concept Exploit Available
-
Detected by Nuclei
-
Detected by Metasploit