Critical Ivanti vTM Authentication Bypass Vulnerability

August 14, 2024

THE THREAT

On August 12th, Ivanti disclosed a new critical vulnerability impacting Ivanti Virtual Traffic Manager (vTM). The vulnerability, tracked as CVE-2024-7593 (CVSS: 9.8), impacts Ivanti vTM versions 22.2, 22.3, 22.3R2, 22.5R1, 22.6R1, and 22.7R1. Exploitation would enable an unauthenticated remote threat actor with access to the management interface to bypass authentication, access the admin panel, and create new administrator users.

Proof-of-Concept (PoC) exploit code has been available for the vulnerability since at least August 5th. While attacks exploiting CVE-2024-7593 have not been identified at the time of writing, the eSentire Threat Intelligence team assesses that it is highly likely opportunistic threat actors will attempt to exploit CVE-2024-7593 in the immediate future. Organizations are strongly recommended to apply the available security patches or alternative mitigations as soon as possible.

What we’re doing about it

What you should do about it

Additional information

Ivanti vTM is a software-based Application Delivery Controller (ADC) designed to efficiently manage traffic flow for large volumes of network activity. CVE-2024-7593 is due to the flawed implementation of an authentication algorithm in Ivanti vTM. Ivanti has released two fixed versions (22.2R1, 22.7R2); additional updates are set to be released by Ivanti on August 19th (22.3R3, 22.3R3, 22.5R2, 22.6R2).

In addition to CVE-2024-7593, Ivanti has also disclosed multiple vulnerabilities impacting Ivanti Avalanche and Ivanti Neurons for ITSM. These vulnerabilities range in criticality and require patching, but there is currently no indication of either real-world attacks or PoC exploit code.

Threat actors have heavily targeted Ivanti vulnerabilities in the past, with zero-day vulnerabilities in Ivanti being disclosed in January 2024 and August 2023. Given that multiple threat actor groups have previously targeted Ivanti software, the potential impact of CVE-2024-7593 exploitation, and the availability of PoC exploit code, it is highly likely that security researchers and threat actors will dedicate resources to investigating the most recent Ivanti vulnerabilities. Organizations are strongly recommended to remediate these vulnerabilities before exploitation is identified in the wild.
