CVE-2023-41724

CVE Database · CVE-2023-41724

CVE-2023-41724

· HIGHModified

CVSS v3.1

8.8

EPSS

12.84%

Published

Mar 30, 2024

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network.

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-77CWE-94

Affected Products (1)

ivanti · standalone_sentry (up to 9.19.0)vulnerable

References (2)

https://forums.ivanti.com/s/article/CVE-2023-41724-Remote-Code-Execution-for-Ivanti-Standalone-Sentry

PatchVendor Advisory

https://forums.ivanti.com/s/article/CVE-2023-41724-Remote-Code-Execution-for-Ivanti-Standalone-Sentry

PatchVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs