CVE-2024-7593 - Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability

Vulnerability Name

Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability

Description

Ivanti Virtual Traffic Manager contains an authentication bypass vulnerability that allows a remote, unauthenticated attacker to create a chosen administrator account.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Virtual-Traffic-Manager-vTM-CVE-2024-7593

https://nvd.nist.gov/vuln/detail/CVE-2024-7593

Related News Articles

Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to PatchOctober 3, 2024

Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593)September 25, 2024

CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation ConcernsSeptember 25, 2024

Critical Ivanti vTM auth bypass bug now exploited in attacksSeptember 25, 2024

Critical Flaw in Ivanti Virtual Traffic Manager Could Allow Rogue Admin AccessAugust 14, 2024