Security News > 2024 > September > Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593)
CVE-2024-7593, a critical authentication bypass vulnerability affecting Ivanti Virtual Traffic Manager (vTM) appliances, is actively exploited by attackers. The confirmation comes from the Cybersecurity and Infrastructure Security Agency (CISA), which added the flaw to its Known Exploited Vulnerabilities catalog, thus mandating all US federal civilian executive branch agencies to remediate it by October 15, 2024. About CVE-2024-7593 Ivanti Virtual Traffic Manager is a software-based application delivery controller and load balancing solution. It includes a web-based … More → The post Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/09/25/cve-2024-7593-exploited/
Related news
- Critical Ivanti vTM auth bypass bug now exploited in attacks (source)
- Ivanti warns of critical vTM auth bypass with public exploit (source)
- CISA warns critical SolarWinds RCE bug is exploited in attacks (source)
- CISA warns of Jenkins RCE bug exploited in ransomware attacks (source)
- CISA Warns of Critical Jenkins Vulnerability Exploited in Ransomware Attacks (source)
- Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800) (source)
- How AitM Phishing Attacks Bypass MFA and EDR—and How to Fight Back (source)
- CISA confirms that SonicWall vulnerability is getting exploited (CVE-2024-40766) (source)
- Ivanti fixes critical vulnerabilities in Endpoint Management (CVE-2024-29847) (source)
- Ivanti warns high severity CSA flaw is now exploited in attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-13 | CVE-2024-7593 | Improper Authentication vulnerability in Ivanti Virtual Traffic Management Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel. | 9.8 |