An unauthenticated remote code execution vulnerability in Ivanti Sentry allows attackers to gain root-level access, presenting an extreme risk to network security.

This OS command injection vulnerability allows an unauthenticated attacker to send a crafted POST request to the handleMessage endpoint, leading to full root-level remote code execution.

With a perfect CVSS score of 10.0, this is a critical vulnerability. As Ivanti Sentry often resides at the network edge to manage mobile and enterprise traffic, a root-level compromise provides attackers with a strategic foothold to move laterally into internal systems, intercept traffic, and exfiltrate sensitive enterprise data.

Immediate Action: Upgrade to Ivanti Sentry versions R10.5.2, R10.6.2, R10.7.1, or higher immediately.

Proactive Monitoring: Review logs for unusual POST requests to the handleMessage endpoint and monitor for unexpected administrative account activity or unauthorized system processes.

Compensating Controls: Restrict external access to the Sentry management interface using firewall rules until the patch is deployed, and monitor for unauthorized inbound traffic.

Public Exploit Available: True

This vulnerability is highly critical and provides attackers with full system control. Organizations must prioritize the patch deployment process and ensure that any Ivanti Sentry device exposed to the internet is updated without delay.