PT-2024-5659 · Ivanti · Ivanti Vtm

Published 2024-08-07 · Updated 2026-06-05 · CVE-2024-7593

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Ivanti vTM versions prior to 22.2R1 and 22.7R2

Description

A critical vulnerability in Ivanti Virtual Traffic Manager (vTM) allows remote unauthenticated attackers to bypass authentication and gain full administrative control of vulnerable vTM appliances. The flaw is due to an incorrect implementation of an authentication algorithm. This vulnerability is being actively exploited, and a proof-of-concept exploit is available. It is crucial for system administrators and security professionals to respond quickly to this threat.

Recommendations

For Ivanti vTM versions prior to 22.2R1 and 22.7R2, update to version 22.2R1 or 22.7R2 or later to patch the vulnerability. As a temporary workaround until a patch is applied, restrict access to the vTM management interface to internal networks only and change default credentials to prevent unauthorized access.

Exploit

Fix

Improper Authentication


Weakness Enumeration

Related Identifiers

BDU:2024-06372
CVE-2024-7593

Affected Products

Ivanti Vtm