CVE-2024-7593
9.8CRITICALIncorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.
Published: 8/13/2024Updated: 10/24/2025
CISA Known Exploited Vulnerability
Ivanti Virtual Traffic Manager contains an authentication bypass vulnerability that allows a remote, unauthenticated attacker to create a chosen administrator account.
Required Action:
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Due Date:
2024-10-15
Description
Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.
AI AnalysisPowered by AI
Affected Products
ivantivirtual_traffic_management
22.2
ivantivirtual_traffic_management
22.3
ivantivirtual_traffic_management
22.3
ivantivirtual_traffic_management
22.5
ivantivirtual_traffic_management
22.6
ivantivirtual_traffic_management
22.7
References
- https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Virtual-Traffic-Manager-vTM-CVE-2024-7593MitigationPatchVendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-7593US Government Resource