CVE-2024-7593
9.8CRITICALIncorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.
Publicado: 8/13/2024Atualizado: 10/24/2025
Vulnerabilidade Explorada Conhecida (CISA)
Ivanti Virtual Traffic Manager contains an authentication bypass vulnerability that allows a remote, unauthenticated attacker to create a chosen administrator account.
Ação Necessária:
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Prazo:
2024-10-15
Descrição
Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.
Análise IADesenvolvido por IA
Produtos Afetados
ivantivirtual_traffic_management
22.2
ivantivirtual_traffic_management
22.3
ivantivirtual_traffic_management
22.3
ivantivirtual_traffic_management
22.5
ivantivirtual_traffic_management
22.6
ivantivirtual_traffic_management
22.7
Referências
- https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Virtual-Traffic-Manager-vTM-CVE-2024-7593MitigationPatchVendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-7593US Government Resource