Ivanti: Max severity Sentry flaw allows code execution as root
Summary
Ivanti has addressed two critical vulnerabilities in its Sentry secure mobile gateway solution. The most severe of these flaws allows remote attackers to execute arbitrary code with root privileges on affected systems.
IFF Assessment
A maximum severity vulnerability allowing root code execution is bad news for defenders as it represents a significant risk to systems.
Severity
The vulnerability is described as maximum severity, allowing root code execution, suggesting a high CVSS score with significant impact across confidentiality, integrity, and availability, likely exploitable remotely.
Defender Context
Defenders should prioritize patching Ivanti Sentry systems immediately to mitigate the risk of this critical vulnerability. Attackers could gain complete control of affected gateways, leading to further network compromise.