Ivanti vTM Bug Exploit Attempts Detected, Experts Warn

August 19, 2024

The Shadowserver Foundation has detected an exploit attempt linked to the Ivanti vTM bug, CVE-2024-7593. In the middle of August, Ivanti resolved this severe authentication bypass vulnerability, which carries a CVSS score of 9.8. The vulnerability impacts Virtual Traffic Manager (vTM) appliances and could enable attackers to create rogue administrator accounts.

Ivanti vTM is a software-driven traffic management solution designed to enhance and safeguard application delivery. As per the company's advisory, successful exploitation of this vulnerability could lead to bypassing authentication and the creation of an administrator user. The vulnerability arises from an incorrect implementation of an authentication algorithm in Ivanti vTM versions other than 22.2R1 or 22.7R2, allowing a remote unauthenticated attacker to bypass the admin panel's authentication.

Ivanti addressed the flaw in patch 22.2R1, released on March 26, 2024, and in patch 22.7R2, released on May 20, 2024. Ivanti explained that customers who have pointed their management interface to a private IP and restricted access can resolve the issue at their earliest convenience.

At the time of the vulnerability disclosure, Ivanti was not aware of any attacks exploiting this flaw in the wild, but it was aware of the public availability of Proof of Concept exploit code. As stated in the advisory, 'We are not aware of any customers being exploited by this vulnerability at the time of disclosure. However, a Proof of Concept is publicly available, and we urge customers to upgrade to the latest patched version.'

To reduce the vulnerability's exploitability, Ivanti advises limiting admin access to the management interface to the internal private/corporate network. The Shadowserver Foundation found only 31 Ivanti vTM devices exposed on the Internet as of August 17, 2024. Most of these devices are located in the United States (14), followed by the UK (5), Bahrain (3), and Canada (3). Despite the low number, Shadowserver has observed an exploit attempt based on the public PoC for CVE-2024-7593.
