Ivanti vTM Bug Exploit Attempts Detected, Experts Warn
August 19, 2024
The Shadowserver Foundation has detected an exploit attempt targeting the Ivanti vTM bug CVE-2024-7593. In the middle of August, Ivanti resolved this severe authentication bypass vulnerability, which carries a CVSS score of 9.8. The vulnerability impacts Virtual Traffic Manager (vTM) appliances and could enable attackers to create rogue administrator accounts.
Ivanti vTM is a software-driven traffic management solution designed to enhance and safeguard application delivery. As per the company's advisory, successful exploitation of this vulnerability could lead to bypassing authentication and the creation of an administrator user. The vulnerability arises from an incorrect implementation of an authentication algorithm in Ivanti vTM versions other than 22.2R1 or 22.7R2, allowing a remote unauthenticated attacker to bypass the admin panel's authentication.
Ivanti addressed the flaw with patch 22.2R1, released on March 26, 2024, or 22.7R2, released on May 20, 2024. Ivanti explained that customers who have pointed their management interface to a private IP and restricted access to it can resolve the issue at their earliest convenience.
At the time of the vulnerability disclosure, Ivanti was not aware of any attacks exploiting this flaw in the wild, but it was aware of the public availability of Proof of Concept exploit code. As stated in the advisory, 'We are not aware of any customers being exploited by this vulnerability at the time of disclosure. However, a Proof of Concept is publicly available, and we urge customers to upgrade to the latest patched version.'
To reduce the vulnerability's exploitability, Ivanti advises restricting admin access to the management interface to the private/corporate network. The Shadowserver Foundation found only 31 Ivanti vTM devices exposed on the Internet as of August 17, 2024. Most of these devices are located in the United States (14), followed by the UK (5), Bahrain (3), and Canada (3). Despite the low number, Shadowserver has observed an exploit attempt based on the public PoC for CVE-2024-7593.