Ivanti has urged organizations to immediately remediate critical vulnerabilities impacting its Standalone Sentry appliance and Neurons for ITSM IT service management solution with available patches, according to BleepingComputer.
All supported Standalone Sentry versions are affected by the flaw, tracked as CVE-2023-41724 and identified by NATO Cyber Security Centre researchers, which could be leveraged to facilitate arbitrary command execution, said Ivanti. Command execution attacks are also possible through exploitation of the Neurons for ITSM bug, tracked as CVE-2023-46808, but Ivanti emphasized that there has been no in-the-wild abuse of either security issue. The advisory comes amid persistent attacks targeting Ivanti vulnerabilities, with several Connect Secure VPN zero-days leveraged in Chinese cyberattacks since January. Those flaws, which continued to affect more than 13,000 Ivanti Connect Secure and Policy Secure instances last month, have prompted the Cybersecurity and Infrastructure Security Agency to order the immediate deactivation of all vulnerable instances.