CVE-2024-7593 - Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability

CVE-2024-7593: Ivanti | Virtual Traffic Manager

Date Added:
2024-09-24

Due Date:
2024-10-15

Vulnerability Name: Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability

Description: Ivanti Virtual Traffic Manager contains an authentication bypass vulnerability that allows a remote, unauthenticated attacker to create a chosen administrator account.

Known To Be Used in Ransomware Campaigns?: Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Virtual-Traffic-Manager-vTM-CVE-2024-7593 ; https://nvd.nist.gov/vuln/detail/CVE-2024-7593

Related News Articles

Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to PatchOctober 3, 2024

Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593)September 25, 2024

CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation ConcernsSeptember 25, 2024

Critical Ivanti vTM auth bypass bug now exploited in attacksSeptember 25, 2024

Critical Flaw in Ivanti Virtual Traffic Manager Could Allow Rogue Admin AccessAugust 14, 2024

Free security scan for your website

Don't show website scan report rating on the leaderboard