CVE-2023-38035

Ivanti Sentry — Pre-Auth RCE via Unauthenticated Hessian RPC on MICS Admin Portal
CVSS 3.1: 9.8 / 10 (Critical) | CISA Known Exploited Vulnerability

What is Ivanti Sentry?

Ivanti Sentry (formerly MobileIron Sentry) is an intelligent mobile security gateway that sits between managed mobile devices and corporate backend resources. It is a core component of the Ivanti Unified Endpoint Management architecture, deployed alongside Ivanti EPMM (formerly MobileIron Core) to enforce mobile access policy.

Key functions include:

  • ActiveSync Gateway — proxies and enforces MDM compliance policy on Exchange and Microsoft 365 email, contacts, and calendar traffic; non-compliant or unenrolled devices are blocked at Sentry before reaching Exchange
  • AppTunnel — provides per-app SSL tunneling to internal resources (SharePoint, intranets, custom apps) without requiring a full device VPN; all app-layer traffic flows through Sentry
  • Kerberos Proxy (KKDCP) — acts as a Key Distribution Center Proxy for Kerberos authentication in EPMM environments
  • Policy Enforcement Point — receives real-time device posture and compliance state from Ivanti EPMM and enforces access decisions accordingly

Sentry does not operate standalone — it receives its device lists, compliance states, and configuration from Ivanti EPMM. It is the enforcement layer; EPMM is the management plane. Both products are typically deployed together, meaning a Sentry compromise often accompanies or follows EPMM exploitation.

Sentry is a high-value target because all mobile email and application data flows through it — giving an attacker with server access full visibility into Exchange credentials, authentication tokens, and managed app traffic. It is internet-facing by design and deployed by government agencies, healthcare organizations, and large enterprises worldwide.

Overview

CVE-2023-38035 is an authentication bypass (CWE-863) in the MICS (MobileIron Configuration Service) System Manager Portal, the administrative interface for Ivanti Sentry, accessible on port 8443. Apache HTTPD's configuration failed to enforce authentication on the /mics/services/* path space, leaving the Hessian RPC service endpoint reachable without any credentials. The vulnerable MICSLogService Hessian endpoint accepts a SystemCommandRequestDTO object and passes its command string directly to Runtime.exec() — meaning any unauthenticated attacker with network access to port 8443 can execute arbitrary OS commands as root in a single POST request.

The vulnerability was exploited as a zero-day against a limited number of customers before Ivanti's August 21, 2023 advisory. CISA added it to the KEV catalog the following day, and the catalog entry flags it as known to be used in ransomware campaigns. It surfaced during the same period as the broader EPMM cluster (CVE-2023-35078, CVE-2023-35081, CVE-2023-35082) and forms a parallel root-access path through the management gateway layer.

Affected Versions

Version                                       Status
Sentry 9.18 and all prior versions (unpatched) Vulnerable
  Sentry 9.18.x                               Vulnerable
  Sentry 9.17.x                               Vulnerable
  Sentry 9.16.x                               Vulnerable
  Older / EOL releases (before 9.16)          Vulnerable, no patch available (upgrade first)
Sentry 9.18.0a (RPM patch applied)            Fixed
Sentry 9.17.0a (RPM patch applied)            Fixed
Sentry 9.16.0a (RPM patch applied)            Fixed

Fix mechanism: Ivanti did not release a full new version. Customers receive version-specific RPM scripts (applied on top of the existing installation) for their supported version branch. Applying the wrong RPM can cause remediation failure or system instability. Customers on unsupported versions prior to 9.16 must upgrade to a supported release before applying the RPM.

Technical Details

The root cause is an incomplete Apache HTTPD configuration in front of the MICS admin portal. The application's security.xml defines the authentication requirements for the Sentry management interface, but the Apache-layer mod_rewrite directives that route requests to the application did not apply those requirements to the /mics/services/* path space. HTTP requests to Hessian RPC endpoints under that path therefore never passed through the authentication filter chain.

Vulnerable endpoint:

  • Port: 8443 (MICS System Manager Portal — the Sentry administrator interface)
  • Path: /mics/services/MICSLogService
  • Protocol: Hessian RPC (Caucho's binary serialization protocol carried in an HTTP POST body; Hessian has its own compact wire format and is not Java's native serialization)
  • Authentication required: None

Attack path to root code execution:

  1. Attacker sends an unauthenticated HTTPS POST to https://<target>:8443/mics/services/MICSLogService
  2. The request body is a Hessian-encoded SystemCommandRequestDTO object containing the attacker's command string
  3. MICSLogService deserializes the object and calls Runtime.exec() with the command — no input validation or privilege separation
  4. Commands execute as root (via sudo). The command is not run through a shell, so pipes and redirection are unavailable; real-world exploitation therefore typically stages a static binary (e.g., ncat) with wget and runs it to establish a reverse shell

CWE-863 (Incorrect Authorization): Authorization policy is defined correctly in security.xml but is not enforced by the HTTP server configuration layer, making the policy definition effectively inoperative for this path.
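To make the Hessian framing and the missing path check concrete, here is an added example (not Ivanti's code and not the Horizon3 proof of concept) that recognises Hessian 2.0 call frames in captured request bodies and pairs that with the authorization check the Apache layer failed to apply. It decodes only the call header, the method name and argument count, as the Hessian 2.0 specification defines them. The sample bodies are constructed: the first mirrors the add2(2, 3) example from the spec, "getLogs" is a hypothetical method name rather than a Sentry method, and the authenticated flag stands in for whatever session check a reverse proxy would perform.

```python
"""Recognise Hessian 2.0 RPC call frames in captured HTTP request bodies.

Added example: not Ivanti code and not the Horizon3 PoC. It decodes only the
call header (method name and argument count) as specified by the Hessian 2.0
web services protocol, enough to tell a WAF or IDS that an unauthenticated
client is invoking an RPC method. The sample bodies at the bottom are
constructed; "getLogs" is a hypothetical method name, not a Sentry method.
"""
from typing import Optional, Tuple


def _read_string(buf: bytes, pos: int) -> Tuple[str, int]:
    """Decode a Hessian 2.0 string starting at buf[pos]; return (text, next_pos)."""
    code = buf[pos]
    if 0x00 <= code <= 0x1F:                      # compact form: length 0..31
        length, pos = code, pos + 1
    elif 0x30 <= code <= 0x33:                    # medium form: length 0..1023
        length, pos = ((code - 0x30) << 8) | buf[pos + 1], pos + 2
    elif code == 0x53:                            # 'S': final chunk, 16-bit length
        length, pos = (buf[pos + 1] << 8) | buf[pos + 2], pos + 3
    else:                                         # 'R' chunked strings are not needed here
        raise ValueError(f"unsupported string marker 0x{code:02x}")
    # Hessian counts UTF-16 characters; for ASCII method names that equals bytes.
    return buf[pos:pos + length].decode("utf-8"), pos + length


def _read_int(buf: bytes, pos: int) -> Tuple[int, int]:
    """Decode a Hessian 2.0 int starting at buf[pos]; return (value, next_pos)."""
    code = buf[pos]
    if 0x80 <= code <= 0xBF:                      # single byte: -16..47
        return code - 0x90, pos + 1
    if 0xC0 <= code <= 0xCF:                      # two bytes: -2048..2047
        return ((code - 0xC8) << 8) | buf[pos + 1], pos + 2
    if 0xD0 <= code <= 0xD7:                      # three bytes: -262144..262143
        return ((code - 0xD4) << 16) | (buf[pos + 1] << 8) | buf[pos + 2], pos + 3
    if code == 0x49:                              # 'I': 32-bit big-endian
        return int.from_bytes(buf[pos + 1:pos + 5], "big", signed=True), pos + 5
    raise ValueError(f"unsupported int marker 0x{code:02x}")


def parse_hessian2_call(body: bytes) -> Optional[dict]:
    """Return {'method', 'argc', 'args_offset'} for a Hessian 2.0 call frame, else None.

    Frame layout per the spec: 'H' 0x02 0x00 (version header), then 'C' (call),
    a string (method name), an int (argument count) and the encoded arguments.
    """
    if len(body) < 6 or body[:4] != b"H\x02\x00C":
        return None
    try:
        method, pos = _read_string(body, 4)
        argc, pos = _read_int(body, pos)
    except (ValueError, IndexError, UnicodeDecodeError):
        return None
    return {"method": method, "argc": argc, "args_offset": pos}


def flag_request(path: str, body: bytes, authenticated: bool) -> Optional[str]:
    """The check the proxy layer should have applied: RPC calls on
    /mics/services/* require an authenticated session. 'authenticated' is a
    stand-in for the proxy's real session check (assumption of this example)."""
    if not path.startswith("/mics/services/"):
        return None
    call = parse_hessian2_call(body)
    if call is None or authenticated:
        return None
    return f"unauthenticated Hessian call {call['method']}({call['argc']} args) on {path}"


# Constructed samples: the first mirrors the add2(2, 3) example from the
# Hessian 2.0 spec; the second uses a hypothetical method name and one string arg.
SAMPLE_SPEC_CALL = b"H\x02\x00C\x04add2\x92\x92\x93"
SAMPLE_RPC_CALL = b"H\x02\x00C\x07getLogs\x91\x05hello"

if __name__ == "__main__":
    for body in (SAMPLE_SPEC_CALL, SAMPLE_RPC_CALL, b'{"not":"hessian"}'):
        print(parse_hessian2_call(body))
    print(flag_request("/mics/services/MICSLogService", SAMPLE_RPC_CALL, authenticated=False))
```

The parser stops at the argument count on purpose: a proxy rule only needs to know that a call frame is arriving on the RPC path without a session, not to deserialize the argument objects, which is exactly the step the vulnerable service performs before reaching Runtime.exec().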

Attack characteristics:

  • Authentication required: None
  • Network reach: Remote (port 8443, internet-exposed in some deployments)
  • Complexity: Low
  • Interaction required: None
  • Single request: Yes — one POST request achieves unauthenticated root RCE
  • If port 8443 is reachable only internally: an attacker can first exploit CVE-2023-35078 (the EPMM authentication bypass) to gain a foothold on the internal network, then reach port 8443 from inside

Discovery

CVE-2023-38035 was discovered by researchers at mnemonic, the Norwegian cybersecurity firm that also identified CVE-2023-35078 during incident response work on the Norwegian government breach. Responsible disclosure to Ivanti preceded the August 21, 2023 public advisory.

James Horseman of Horizon3.ai published a technical deep-dive and working proof-of-concept on August 24, 2023, three days after the advisory. Horizon3's reverse engineering of the patch (comparing Sentry 9.12 and 9.18) confirmed the root cause: the ConfigService RPC service was removed from remoting-servlet.xml and the unauthenticated /services/* route was closed in the fixed version. The PoC is publicly available on GitHub.

Exploitation Context

Ivanti confirmed active zero-day exploitation against a limited number of customers before the August 21, 2023 advisory. CISA added CVE-2023-38035 to the KEV catalog the next day — reflecting confirmed in-the-wild exploitation and indicating active targeting beyond the initial limited incidents.

Exposure: Horizon3.ai identified approximately 500 Sentry instances with port 8443 exposed to the public internet via Shodan at time of disclosure (August 2023), primarily in Germany, the United States, the United Kingdom, China, and France.

Post-Horizon3 exploitation wave: Following the publication of the PoC on August 24, Darktrace observed systematic exploit validation from external IPs and documented post-exploitation activity that included:

  • Kinsing malware — a Monero crypto-mining agent communicating with aelix[.]xyz C2 infrastructure
  • LLMNR poisoning and LDAP enumeration — internal network reconnaissance
  • SMB port scanning and RDP enumeration — lateral movement staging

This profile is consistent with initial access brokers staging access for ransomware operations, in line with CISA's ransomware flag for this CVE.

Relationship to the 2023 EPMM cluster: CVE-2023-38035 is architecturally distinct from CVE-2023-35078/35081/35082 (which target EPMM directly) but forms a complementary exploitation path. If port 8443 is not internet-exposed, attackers can pivot to Sentry from inside the network using access obtained through the EPMM vulnerabilities. Together, the four 2023 CVEs cover both the management plane (EPMM) and the enforcement gateway (Sentry); chained, they give an attacker a path from unauthenticated external access to root on the gateway that carries all mobile email and application traffic.

Remediation

  1. Apply the version-specific RPM patch — match the RPM to your exact installed version: 9.18 → 9.18.0a, 9.17 → 9.17.0a, 9.16 → 9.16.0a. If on an unsupported version prior to 9.16, upgrade to a supported release first
  2. Do not apply the wrong RPM — Ivanti explicitly warns that using the incorrect script can prevent remediation or cause system instability; verify your installed version before applying
  3. Restrict port 8443 from the internet — Ivanti states "low risk of exploitation for customers who do not expose 8443 to the internet." The MICS admin portal should never be internet-facing; use firewall ACLs to restrict port 8443 to authorized management source IPs only
  4. Patch EPMM alongside Sentry — apply patches for CVE-2023-35078 and CVE-2023-35081 to close the EPMM-based pivot path that can be used to reach an internal Sentry from outside
  5. Review Tomcat access logs — check /var/log/tomcat2/ for HTTP POST requests to /mics/services/MICSLogService or any path under /mics/services/*; unrecognized requests to these paths are a strong indicator of exploitation
  6. Check for persistence artifacts — post-exploitation activity included downloading static binaries via wget, Kinsing malware installation, and unexpected cron jobs; audit for unexpected binaries in temp directories and outbound connections to unknown hosts
  7. Isolate and investigate before patching if compromise is suspected — a compromised Sentry has root OS access and may have been used as a pivot into Exchange or other internal backend resources
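The log review in step 5, as an added example rather than Ivanti tooling: a scanner for Tomcat access logs in the default "common" pattern that flags every request under /mics/services/* and rates POSTs highest, since a POST is the shape of the single-request exploitation described above. The log lines are constructed with RFC 5737 addresses, the non-RPC paths in them are placeholders rather than real Sentry URLs, and the assumed file location is the /var/log/tomcat2/ directory named in step 5.

```python
"""Scan Tomcat access-log lines for requests to the Sentry MICS RPC path space.

Added example, not Ivanti tooling. It assumes the default Tomcat "common"
access-log pattern (%h %l %u %t "%r" %s %b). The log lines below are
constructed (RFC 5737 addresses); the non-RPC paths are placeholders, not
real Sentry URLs. In practice, feed scan() the files under /var/log/tomcat2/.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

RPC_PREFIX = "/mics/services/"

# %h %l %u %t "%r" %s %b  ->  host ident user [time] "METHOD path proto" status bytes
_LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


@dataclass(frozen=True)
class Finding:
    ip: str
    ts: str
    method: str
    path: str
    status: int
    severity: str


def parse_line(line: str) -> Optional[dict]:
    """Parse one common-format line into a dict, or None if it does not match."""
    m = _LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def classify(rec: dict) -> Optional[str]:
    """Any hit on the RPC path space is suspicious; a POST is the exploitation shape."""
    path = rec["path"].split("?", 1)[0]          # ignore query strings when matching
    if not path.startswith(RPC_PREFIX):
        return None
    return "high" if rec["method"] == "POST" else "medium"


def scan(lines: Iterable[str]) -> List[Finding]:
    """Return every request under /mics/services/* found in the given log lines."""
    findings: List[Finding] = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue                               # rotated/garbled lines are skipped, not fatal
        sev = classify(rec)
        if sev:
            findings.append(Finding(rec["ip"], rec["ts"], rec["method"],
                                    rec["path"], rec["status"], sev))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per source IP: repeated RPC hits from one address stand out."""
    return dict(Counter(f.ip for f in findings))


# Constructed sample: two benign portal requests from an admin workstation,
# then one external address hitting the RPC endpoint twice and probing the path.
LOG_SAMPLE = """\
198.51.100.7 - - [24/Aug/2023:10:15:32 +0000] "GET /mics/login HTTP/1.1" 200 4120
198.51.100.7 - admin [24/Aug/2023:10:15:40 +0000] "GET /mics/ HTTP/1.1" 200 9831
203.0.113.45 - - [24/Aug/2023:11:02:07 +0000] "POST /mics/services/MICSLogService HTTP/1.1" 200 61
203.0.113.45 - - [24/Aug/2023:11:02:09 +0000] "POST /mics/services/MICSLogService HTTP/1.1" 200 61
203.0.113.45 - - [24/Aug/2023:11:03:00 +0000] "GET /mics/services/ HTTP/1.1" 404 -
"""

if __name__ == "__main__":
    hits = scan(LOG_SAMPLE.splitlines())
    for f in hits:
        print(f.severity.upper(), f.ip, f.ts, f.method, f.path, f.status)
    print(summarize(hits))
```

Treat any hit as worth investigating rather than filtering on status code: the RPC service answers a successful call with 200, and a probe that returns 404 still shows someone enumerating the path space. On a site where port 8443 is supposed to be reachable only from management addresses, a source IP outside that range in the summary is the first thing to escalate.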

Key Details

Property               Value
CVE ID                 CVE-2023-38035
Vendor / Product       Ivanti — Sentry
NVD Published          2023-08-21
NVD Last Modified      2025-10-31
CVSS 3.1 Score         9.8
CVSS 3.1 Vector        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity               CRITICAL
CWE                    CWE-863
CISA KEV Added         2023-08-22
CISA KEV Deadline      2023-09-12
Known Ransomware Use   Yes

CVSS 3.1 Breakdown

Attack Vector          Network
Attack Complexity      Low
Privileges Required    None
User Interaction       None
Scope                  Unchanged
Confidentiality        High
Integrity              High
Availability           High

Required Action

CISA BOD 22-01 Deadline: 2023-09-12. Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Timeline

Date          Event
2023-08-21    Ivanti publishes advisory; mnemonic discloses discovery; zero-day exploitation confirmed against limited customers
2023-08-22    CISA adds to Known Exploited Vulnerabilities catalog; remediation deadline set for 2023-09-12
2023-08-24    Horizon3.ai publishes deep-dive and working PoC; broader exploitation wave begins
2023-08-24    Darktrace observes post-exploitation activity: Kinsing crypto-mining, LDAP enumeration, SMB/RDP scanning
2023-09-12    CISA BOD 22-01 remediation deadline