Security News > 2024 > August > Critical Flaw in Ivanti Virtual Traffic Manager Could Allow Rogue Admin Access

Critical Flaw in Ivanti Virtual Traffic Manager Could Allow Rogue Admin Access
2024-08-14 05:18

Ivanti has rolled out security updates for a critical flaw in Virtual Traffic Manager (vTM) that could be exploited to achieve an authentication bypass and create rogue administrative users. The vulnerability, tracked as CVE-2024-7593, has a CVSS score of 9.8 out of a maximum of 10.0. "Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2


News URL

https://thehackernews.com/2024/08/critical-flaw-in-ivanti-virtual-traffic.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-08-13 CVE-2024-7593 Improper Authentication vulnerability in Ivanti Virtual Traffic Management
Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.
network
low complexity
ivanti CWE-287
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Ivanti 27 0 51 157 75 283