CVE-2023-38035

9.8 CRITICAL

📋 TL;DR

This vulnerability allows attackers to bypass authentication on the Ivanti MobileIron Sentry administrative interface due to an overly permissive Apache HTTPD configuration. Attackers can gain unauthorized administrative access without credentials. Organizations running Ivanti MobileIron Sentry versions 9.18.0 and below are affected.

💻 Affected Systems

Products:
  • Ivanti MobileIron Sentry
Versions: 9.18.0 and below
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects the MICS Admin Portal component with insufficient Apache HTTPD restrictions.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full administrative compromise leading to remote code execution, data exfiltration, and complete system takeover.

🟠 Likely Case: Unauthorized administrative access allowing configuration changes, user data access, and potential lateral movement.

🟢 If Mitigated: Limited impact with proper network segmentation and access controls preventing exploitation attempts.

🌐 Internet-Facing: HIGH - Directly exposed administrative interfaces can be exploited remotely without authentication.
🏢 Internal Only: MEDIUM - Internal attackers or compromised systems could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation is straightforward with publicly available proof-of-concept code. CISA has added this to its Known Exploited Vulnerabilities catalog.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.18.1 and above

Vendor Advisory: https://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface

Restart Required: Yes

Instructions:

1. Download Ivanti MobileIron Sentry version 9.18.1 or later from the Ivanti support portal.
2. Apply the patch following Ivanti's installation guide.
3. Restart the Sentry service to apply the changes.

🔧 Temporary Workarounds

Restrict Apache HTTPD Configuration

Platform: all

Modify the Apache configuration to properly restrict access to the administrative interfaces.

# Edit Apache configuration files to add proper authentication and access controls
# Example: Add Require valid-user and proper AuthType directives

Network Segmentation

Platform: all

Isolate the Sentry administrative interface from untrusted networks.

# Configure firewall rules to restrict access to the Sentry admin interface
# Example: iptables -A INPUT -p tcp --dport [admin_port] -s [trusted_ips] -j ACCEPT
# The ACCEPT rule only has effect if every other source is then dropped for that port:
# iptables -A INPUT -p tcp --dport [admin_port] -j DROP

🧯 If You Can't Patch

  • Immediately restrict network access to the Sentry administrative interface using firewall rules
  • Implement additional authentication layers such as VPN or reverse proxy with strong authentication

🔍 How to Verify

Check if Vulnerable:

Check the Sentry version via the admin interface or the command line. Versions 9.18.0 and below are vulnerable.

Check Version:

Read the version from the Sentry web interface or run the system diagnostic commands specific to your deployment.

Verify Fix Applied:

Confirm that version 9.18.1 or later is installed and that unauthenticated requests to the administrative interface are rejected.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to admin endpoints
  • Authentication bypass patterns in Apache logs
  • Unusual administrative activity from unexpected sources

Network Indicators:

  • Direct access to administrative endpoints without authentication headers
  • Unusual traffic patterns to Sentry admin interface

SIEM Query:

source="apache" AND (uri="/admin/*" OR uri="/api/*") AND NOT auth_success="true"
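The SIEM query above assumes a normalized `auth_success` field that raw Apache access logs do not carry. The following is an added example, not part of this page or of any Ivanti tooling: it applies the same log indicators to Apache combined-format lines, flagging admin/API requests that were answered 2xx with no authenticated user in the `%u` field, and any admin/API request from outside a trusted network. The `/admin/` and `/api/` prefixes are taken from the query above as an assumption, the trusted range 10.0.0.0/8 is assumed, and the log lines are constructed samples.

```python
import ipaddress
import re

# One Apache combined-format line: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+')
# Endpoint prefixes from the SIEM query above; an assumption, replace with the real admin paths.
ADMIN_PREFIXES = ("/admin/", "/api/")

def parse_line(line):
    """Return the fields needed for the check, or None if the line is not combined format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec

def suspicious_admin_requests(lines, trusted_nets):
    """Flag admin/API requests answered 2xx with no authenticated user in %u,
    plus any admin/API request from a source outside trusted_nets."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or not rec["path"].startswith(ADMIN_PREFIXES):
            continue
        try:
            from_trusted = any(ipaddress.ip_address(rec["ip"]) in n for n in nets)
        except ValueError:  # hostname or junk in %h: treat as untrusted
            from_trusted = False
        reasons = []
        if 200 <= rec["status"] < 300 and rec["user"] == "-":
            reasons.append("success without authenticated user")
        if not from_trusted:
            reasons.append("source outside trusted networks")
        if reasons:
            findings.append({"ip": rec["ip"], "path": rec["path"],
                             "status": rec["status"], "reasons": reasons})
    return findings

# Constructed sample lines, not real traffic (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges)
SAMPLE_LOG = [
    '203.0.113.10 - - [21/Aug/2023:10:15:32 +0000] "GET /admin/ HTTP/1.1" 200 512 "-" "curl/8.1.2"',
    '10.0.0.5 - admin [21/Aug/2023:10:16:01 +0000] "GET /admin/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [21/Aug/2023:10:17:45 +0000] "GET /api/ HTTP/1.1" 401 0 "-" "python-requests/2.31"',
    '10.0.0.9 - - [21/Aug/2023:10:18:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]
TRUSTED = ["10.0.0.0/8"]  # assumed trusted management network
```

Note that `%u` is only filled in when Apache itself performs HTTP authentication; if Sentry authenticates at the application layer, legitimate sessions also log `-`, so the first rule needs tuning to your deployment while the trusted-network rule stands on its own.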
