CVE-2024-7593

9.8CRITICAL

Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.

Publicado: 8/13/2024Actualizado: 10/24/2025
Ver en NVDVer en MITRE

Vulnerabilidad Explotada Conocida (CISA)

Ivanti Virtual Traffic Manager contains an authentication bypass vulnerability that allows a remote, unauthenticated attacker to create a chosen administrator account.

Acción Requerida:

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Fecha Límite:

2024-10-15

Descripción

Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.

Análisis IAImpulsado por IA

Productos Afectados

ivantivirtual_traffic_management
22.2
ivantivirtual_traffic_management
22.3
ivantivirtual_traffic_management
22.3
ivantivirtual_traffic_management
22.5
ivantivirtual_traffic_management
22.6
ivantivirtual_traffic_management
22.7

Referencias