CVE-2024-7593
9.8CRITICALIncorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.
Veröffentlicht: 8/13/2024Aktualisiert: 10/24/2025
CISA Bekannte Ausgenutzte Schwachstelle
Ivanti Virtual Traffic Manager contains an authentication bypass vulnerability that allows a remote, unauthenticated attacker to create a chosen administrator account.
Erforderliche Maßnahme:
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Fälligkeitsdatum:
2024-10-15
Beschreibung
Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.
KI-AnalyseKI-gestützt
Betroffene Produkte
ivantivirtual_traffic_management
22.2
ivantivirtual_traffic_management
22.3
ivantivirtual_traffic_management
22.3
ivantivirtual_traffic_management
22.5
ivantivirtual_traffic_management
22.6
ivantivirtual_traffic_management
22.7
Referenzen
- https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Virtual-Traffic-Manager-vTM-CVE-2024-7593MitigationPatchVendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-7593US Government Resource