CVE-2023-38035: Critical Authentication Bypass Vulnerability in Ivanti Sentry
On August 21, 2023, Ivanti published a knowledge base article on a critical authentication bypass vulnerability impacting Ivanti Sentry (CVE-2023-38035). For this vulnerability to be exploited, the System Management Portal which is hosted on port 8443 by default must be exposed to the internet. Successful exploitation of this vulnerability could lead to a remote unauthenticated threat actor making configuration changes to the server and the underlying Operating System (OS) as root.