VULNERA Pulse

Ivanti — Virtual Traffic Manager

CVE-2024-7593 / Added: Sept. 24, 2024

CRITICAL CVSS 9.80 EPSS Score 97.33 EPSS Percentile 99.91

Ivanti Virtual Traffic Manager contains an authentication bypass vulnerability that allows a remote, unauthenticated attacker to create a chosen administrator account.

Headlines

• Sept. 25, 2024 - CISA Adds Patched Ivanti Bug to KEV Catalog
• Sept. 25, 2024 - Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593)
• Sept. 25, 2024 - Critical Ivanti Authentication Bypass Bug Exploited in Wild
• Sept. 25, 2024 - U.S. CISA adds Ivanti Virtual Traffic Manager flaw to its Known Exploited Vulnerabilities catalog
• Sept. 25, 2024 - CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns
• Sept. 24, 2024 - Critical Ivanti vTM auth bypass bug now exploited in attacks
• Sept. 24, 2024 - CISA Warns of Actively Exploited Ivanti vTM Flaw CVE-2024-7593 (CVSS 9.8), PoC Published
• Sept. 3, 2024 - CVE-2024-7593 (CVSS 9.8): Critical Ivanti vTM Flaw Now Weaponized, PoC Exploit Available
• Aug. 19, 2024 - Experts warn of exploit attempt for Ivanti vTM bug
• Aug. 14, 2024 - Critical Flaw in Ivanti Virtual Traffic Manager Could Allow Rogue Admin Access
• Aug. 13, 2024 - Critical Ivanti vTM Bug Allows Unauthorized Admin Access
• Aug. 13, 2024 - A PoC exploit code is available for critical Ivanti vTM bug
• Aug. 13, 2024 - Ivanti warns of critical vTM auth bypass with public exploit
• Aug. 13, 2024 - CVE-2024-7593 (CVSS 9.8): Authentication Bypass in Ivanti vTM: Proof of Concept Available

Back to top ↑

CVE-2024-45066

CRITICAL CVSS 10.00 EPSS Score 0.04 EPSS Percentile 9.60

Risk Context N/A

Published: Sept. 25, 2024

A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands.

Quotes

• It's an exploit that moves something, so you have an impact on the physical world

Headlines

• Sept. 27, 2024 - Critical Vulnerabilities in Automated Tank Gauge Systems Threaten Global Infrastructure
• Sept. 24, 2024 - 10 critical bugs put fuel storage tanks at risk of attacks
• Sept. 24, 2024 - 10 security bugs put fuel storage tanks at risk of attacks
• Sept. 24, 2024 - Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE | CISA

CVE-2024-43693

CRITICAL CVSS 10.00 EPSS Score 0.04 EPSS Percentile 9.60

Risk Context N/A

Published: Sept. 25, 2024

A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject arbitrary commands.

Quotes

• It's an exploit that moves something, so you have an impact on the physical world

Headlines

• Sept. 27, 2024 - Critical Vulnerabilities in Automated Tank Gauge Systems Threaten Global Infrastructure
• Sept. 24, 2024 - 10 critical bugs put fuel storage tanks at risk of attacks
• Sept. 24, 2024 - 10 security bugs put fuel storage tanks at risk of attacks
• Sept. 24, 2024 - Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE | CISA

CVE-2024-7593

CRITICAL CVSS 9.80 EPSS Score 97.33 EPSS Percentile 99.91

CISA Known Exploited Actively Exploited Remote Code Execution Public Exploits Available

Published: Aug. 13, 2024

Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.

Vendor Impacted: Ivanti

Products Impacted: Virtual Traffic Management, Virtual Traffic Manager

Quotes

• Successful exploitation could lead to authentication bypass and creation of an administrator user
• Ivanti Virtual Traffic Manager contains an authentication bypass vulnerability that allows a remote, unauthenticated attacker to create a chosen administrator account
• We are not aware of any customers being exploited by this vulnerability at the time of disclosure. However, a Proof of Concept is publicly available, and we urge customers to upgrade to the latest patched version
• This vulnerability is accessible over the management interface. To limit exploitability of this vulnerability, it is industry best practice and advised by Ivanti to limit Admin Access to the Management Interface internal to the network through the private / corporate network

Headlines

• Sept. 25, 2024 - CISA Adds Patched Ivanti Bug to KEV Catalog
• Sept. 25, 2024 - Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593)
• Sept. 25, 2024 - Critical Ivanti Authentication Bypass Bug Exploited in Wild
• Sept. 25, 2024 - U.S. CISA adds Ivanti Virtual Traffic Manager flaw to its Known Exploited Vulnerabilities catalog
• Sept. 25, 2024 - CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns
• Sept. 24, 2024 - Critical Ivanti vTM auth bypass bug now exploited in attacks
• Sept. 24, 2024 - CISA Warns of Actively Exploited Ivanti vTM Flaw CVE-2024-7593 (CVSS 9.8), PoC Published

CVE-2024-43423

CRITICAL CVSS 9.80 EPSS Score 0.04 EPSS Percentile 9.60

Risk Context N/A

Published: Sept. 25, 2024

The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user account with a password that cannot be changed.

Quotes

• It's an exploit that moves something, so you have an impact on the physical world

Headlines

• Sept. 27, 2024 - Critical Vulnerabilities in Automated Tank Gauge Systems Threaten Global Infrastructure
• Sept. 24, 2024 - 10 critical bugs put fuel storage tanks at risk of attacks
• Sept. 24, 2024 - 10 security bugs put fuel storage tanks at risk of attacks
• Sept. 24, 2024 - Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE | CISA

CVE-2024-42507

CRITICAL CVSS 9.80 EPSS Score 0.04 EPSS Percentile 9.60

Remote Code Execution

Published: Sept. 25, 2024

Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Quotes

• Enabling cluster-security via the cluster-security command will prevent these vulnerabilities from being exploited in devices running Instant AOS-8.x code

Headlines

• Sept. 26, 2024 - Security Upgrades Available for 3 HPE Aruba Networking Bugs
• Sept. 26, 2024 - HPE patches three critical flaws in Aruba software
• Sept. 26, 2024 - HPE Aruba Networking fixes critical flaws impacting Access Points
• Sept. 26, 2024 - CVSS 9.8 Vulnerabilities Expose Aruba Access Points to RCE: HPE Urges Immediate Action

CVE-2024-42506

CRITICAL CVSS 9.80 EPSS Score 0.04 EPSS Percentile 9.60

Remote Code Execution

Published: Sept. 25, 2024

Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Quotes

• Enabling cluster-security via the cluster-security command will prevent these vulnerabilities from being exploited in devices running Instant AOS-8.x code

Headlines

• Sept. 26, 2024 - Security Upgrades Available for 3 HPE Aruba Networking Bugs
• Sept. 26, 2024 - HPE patches three critical flaws in Aruba software
• Sept. 26, 2024 - HPE Aruba Networking fixes critical flaws impacting Access Points
• Sept. 26, 2024 - CVSS 9.8 Vulnerabilities Expose Aruba Access Points to RCE: HPE Urges Immediate Action

CVE-2024-42505

CRITICAL CVSS 9.80 EPSS Score 0.04 EPSS Percentile 9.60

Remote Code Execution

Published: Sept. 25, 2024

Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Quotes

• Enabling cluster-security via the cluster-security command will prevent these vulnerabilities from being exploited in devices running Instant AOS-8.x code

Headlines

• Sept. 26, 2024 - Security Upgrades Available for 3 HPE Aruba Networking Bugs
• Sept. 26, 2024 - HPE patches three critical flaws in Aruba software
• Sept. 26, 2024 - HPE Aruba Networking fixes critical flaws impacting Access Points
• Sept. 26, 2024 - CVSS 9.8 Vulnerabilities Expose Aruba Access Points to RCE: HPE Urges Immediate Action

CVE-2024-0132

CRITICAL CVSS 9.00 EPSS Score 0.04 EPSS Percentile 9.60

Remote Code Execution

Published: Sept. 26, 2024

NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Quotes

• A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering
• NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system

Headlines

• Sept. 27, 2024 - Critical NVIDIA Container Toolkit Vulnerability Could Grant Full Host Access to Attackers
• Sept. 26, 2024 - Critical Nvidia bug allows container escape, host takeover
• Sept. 26, 2024 - CVE-2024-0132 (CVSS 9.0): Critical Vulnerabilities Found in NVIDIA Container Toolkit

CVE-2024-47076

HIGH CVSS 8.60 EPSS Score 0.04 EPSS Percentile 10.91

Remote Code Execution

Published: Sept. 26, 2024

CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.

Quotes

• A remote unauthenticated attacker can silently replace existing printers’ (or install new ones) IPP URLs with a malicious one, resulting in arbitrary command execution (on the computer) when a print job is started (from that computer)
• It is a chain of bugs that rely on spoofing a printer in your local network that is automatically added via network discovery if it is turned on at all - usually not in its default configuration. Then an unverified variable that is used to exploit other vulnerabilities in the CUPS system to execute code, but only when a print job is triggered
• Devs are still arguing about whether or not some of the issues have a security impact. I’ve spent the last 3 weeks of my sabbatical working full time on this research, reporting, coordination and so on with the sole purpose of helping and pretty much only got patronized because the devs just can’t accept that their code is crap – responsible disclosure: no more

Headlines

• Sept. 27, 2024 - CUPS flaws allow remote code execution on Linux systems under certain conditions
• Sept. 26, 2024 - CUPS flaws enable Linux remote code execution, but there’s a catch
• Sept. 26, 2024 - Critical CUPS Vulnerabilities Expose Linux and Other Systems to Remote Attacks
• Sept. 26, 2024 - CVE-2024-47076 Informational: No Impact of CUPS Vulnerabilities on Palo Alto Networks Products

CVE-2024-47176

HIGH CVSS 8.30 EPSS Score 0.04 EPSS Percentile 14.88

Remote Code Execution Public Exploits Available

Published: Sept. 26, 2024

CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker controlled URL. Due to the service binding to `*:631 ( INADDR_ANY )`, multiple bugs in `cups-browsed` can be exploited in sequence to introduce a malicious printer to the system. This chain of exploits ultimately enables an attacker to execute arbitrary commands remotely on the target machine without authentication when a print job is started. This poses a significant security risk over the network. Notably, this vulnerability is particularly concerning as it can be exploited from the public internet, potentially exposing a vast number of systems to remote attacks if their CUPS services are enabled.

Quotes

• A remote unauthenticated attacker can silently replace existing printers’ (or install new ones) IPP URLs with a malicious one, resulting in arbitrary command execution (on the computer) when a print job is started (from that computer)
• It is a chain of bugs that rely on spoofing a printer in your local network that is automatically added via network discovery if it is turned on at all - usually not in its default configuration. Then an unverified variable that is used to exploit other vulnerabilities in the CUPS system to execute code, but only when a print job is triggered
• Devs are still arguing about whether or not some of the issues have a security impact. I’ve spent the last 3 weeks of my sabbatical working full time on this research, reporting, coordination and so on with the sole purpose of helping and pretty much only got patronized because the devs just can’t accept that their code is crap – responsible disclosure: no more

Headlines

• Sept. 27, 2024 - CUPS flaws allow remote code execution on Linux systems under certain conditions
• Sept. 27, 2024 - CUPS vulnerabilities affecting Linux, Unix systems can lead to RCE
• Sept. 26, 2024 - CUPS flaws enable Linux remote code execution, but there’s a catch
• Sept. 26, 2024 - Critical CUPS Vulnerabilities Expose Linux and Other Systems to Remote Attacks
• Sept. 26, 2024 - CVE-2024-47076 Informational: No Impact of CUPS Vulnerabilities on Palo Alto Networks Products