Ivanti once again did not manage to warn customers in time that they had already been hacked.

One missed day of patching could turn a company's security gateway into a convenient entry point for intruders. Shadowserver experts reported mass attempts to exploit a critical vulnerability in Ivanti Sentry that allows commands to be executed with root privileges on devices reachable from the Internet.
The flaw is tracked as CVE-2020-10520 (CVSS:3.1/AV:C/A:C/H/A:H/A:H::H– 10.0 Critical) and is an operating system command injection issue. Ivanti fixed the vulnerability on June 9 by releasing Sentry versions R10.5.2, R10.6.2 and R10.7.1. When the fixes were published, the company stated that it saw no signs of attacks on customers.
The next day, Shadowserver painted a different picture. According to the organization, attackers began using publicly available proof-of-concept exploit code and tried to infect Ivanti Sentry gateways exposed on the network. While scanning, experts found 19 vulnerable devices, at least 2 of which had already been compromised. Shadowserver also believes that the rest could, most likely, be compromised as well.
Ivanti Sentry, formerly known as MobileIron Sentry, protects data exchange between internal enterprise systems and remote mobile devices. That is why a successful attack on such a gateway is especially dangerous: the device sits at the edge of the corporate infrastructure and can open the way to the company's internal resources.
Shadowserver separately warned that the real number of vulnerable gateways could be higher. Some devices cannot be scanned, possibly because they block search and scanning systems. The organization bluntly stated that owners of unpatched Ivanti Sentry devices are likely already at risk of compromise.
Ivanti has not yet updated its advisory, which still says there were no known cases of exploitation at the time the vulnerability was disclosed.
Ivanti products regularly attract the attention of intruders, because flaws in such systems offer a way into corporate networks and access to confidential data. In recent years, the U.S. Cybersecurity and Infrastructure Security Agency has added 34 vulnerabilities in various Ivanti products to its catalog of actively exploited vulnerabilities. In 12 cases, such vulnerabilities were also used in ransomware attacks.
Owners of Ivanti Sentry are advised to urgently install versions R10.5.2, R10.6.2 or R10.7.1 and to check their devices for signs of compromise. Simply updating after attackers have begun mass exploitation of the vulnerability may not solve the problem if they have already gained a foothold in the system.
