CVE-2024-7593
9.8CRITICALIncorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.
게시됨: 8/13/2024업데이트됨: 10/24/2025
CISA 알려진 악용 취약점
Ivanti Virtual Traffic Manager contains an authentication bypass vulnerability that allows a remote, unauthenticated attacker to create a chosen administrator account.
필요한 조치:
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
마감일:
2024-10-15
설명
Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.
AI 분석AI 기반
영향받는 제품
ivantivirtual_traffic_management
22.2
ivantivirtual_traffic_management
22.3
ivantivirtual_traffic_management
22.3
ivantivirtual_traffic_management
22.5
ivantivirtual_traffic_management
22.6
ivantivirtual_traffic_management
22.7
참조
- https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Virtual-Traffic-Manager-vTM-CVE-2024-7593MitigationPatchVendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-7593US Government Resource