Security News > 2024 > September > Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593)

Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593)
2024-09-25 09:41

CVE-2024-7593, a critical authentication bypass vulnerability affecting Ivanti Virtual Traffic Manager (vTM) appliances, is actively exploited by attackers. The confirmation comes from the Cybersecurity and Infrastructure Security Agency (CISA), which added the flaw to its Known Exploited Vulnerabilities catalog, thus mandating all US federal civilian executive branch agencies to remediate it by October 15, 2024. About CVE-2024-7593 Ivanti Virtual Traffic Manager is a software-based application delivery controller and load balancing solution. It includes a web-based … More → The post Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593) appeared first on Help Net Security.


News URL

https://www.helpnetsecurity.com/2024/09/25/cve-2024-7593-exploited/

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-08-13 CVE-2024-7593 Improper Authentication vulnerability in Ivanti Virtual Traffic Management
Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.
network
low complexity
ivanti CWE-287
critical
 9.8
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Ivanti 27 1 53 171 79 304