Ivanti tells Sentry customers to patch now as critical bugs hit 10.0 and 9.9
Summary
Ivanti is urging customers using its Sentry product to immediately patch critical vulnerabilities. These flaws in versions 10.0 and 9.9 could allow remote, unauthenticated attackers to gain root-level access to systems.
IFF Assessment
Critical vulnerabilities allowing unauthenticated remote code execution with root privileges represent a significant threat to defenders, enabling attackers to compromise systems with high impact.
Severity
The described vulnerability allows for remote, unauthenticated code execution with root privileges, which is a critical severity. Factors like high exploitability and broad impact contribute to a high CVSS score.
Defender Context
This is a critical alert for organizations using Ivanti Sentry, as unpatched systems are highly vulnerable to remote takeover. Defenders must prioritize patching these specific versions to mitigate the risk of severe compromise and data loss.