Ivanti Sentry RCE and Authentication Bypass Flaws
2026-06-09
Remote code execution in Ivanti Sentry before R10.5.2, R10.6.2, and R10.7.1 allows unauthenticated remote attackers to achieve root-level command execution via OS command injection. With a maximum CVSS score of 10.0 and a network-accessible, no-interaction attack vector, this flaw represents a critical exposure for any internet-facing Sentry appliance, though no public exploit has been identified at the time of analysis.
Authentication bypass in Ivanti Sentry prior to R10.5.2, R10.6.2, and R10.7.1 allows remote attackers to create arbitrary administrative accounts and gain full admin control of the mobile management gateway. The flaw is rated CVSS 9.9 with a scope-changed vector, indicating that compromise extends beyond the immediate vulnerable component. No public exploit has been identified at the time of analysis, though Ivanti Sentry has a recurring history of being targeted by advanced threat actors.