Security News > 2024 > September > Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593)
CVE-2024-7593, a critical authentication bypass vulnerability affecting Ivanti Virtual Traffic Manager (vTM) appliances, is actively exploited by attackers. The confirmation comes from the Cybersecurity and Infrastructure Security Agency (CISA), which added the flaw to its Known Exploited Vulnerabilities catalog, thus mandating all US federal civilian executive branch agencies to remediate it by October 15, 2024. About CVE-2024-7593 Ivanti Virtual Traffic Manager is a software-based application delivery controller and load balancing solution. It includes a web-based … More → The post Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/09/25/cve-2024-7593-exploited/
Related news
- DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks (source)
- CISA reveals new malware variant used on compromised Ivanti Connect Secure devices (source)
- CISA spots spawn of Spawn malware targeting Ivanti flaw (source)
- Critical auth bypass bug in CrushFTP now exploited in attacks (source)
- Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457) (source)
- WinRAR MotW bypass flaw fixed, update ASAP (CVE-2025-31334) (source)
- CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks (source)
- CISA extends funding to ensure 'no lapse in critical CVE services' (source)
- 41% of Attacks Bypass Defenses: Adversarial Exposure Validation Fixes That (source)
- CVE program gets last-minute funding from CISA – and maybe a new home (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-13 | CVE-2024-7593 | Improper Authentication vulnerability in Ivanti Virtual Traffic Management Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel. | 9.8 |