CVE-2024-7593

Warning

EPSS 94.42%
Published 13.08.2024 19:15:16
Last modified 25.09.2024 01:00:03
Source 3c1d8aa1-5a33-4ea4-8992-aadd64
Teams watchlist Login
Open Login

Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.

Affected products Warnungen 1 Metrics 3 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Ivanti ≫ Virtual Traffic Management Version22.2

Ivanti ≫ Virtual Traffic Management Version22.3 Update-

Ivanti ≫ Virtual Traffic Management Version22.3 Updater2

Ivanti ≫ Virtual Traffic Management Version22.5 Updater1

Ivanti ≫ Virtual Traffic Management Version22.6 Updater1

Ivanti ≫ Virtual Traffic Management Version22.7 Updater1

24.09.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog

Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability

Vulnerability

Ivanti Virtual Traffic Manager contains an authentication bypass vulnerability that allows a remote, unauthenticated attacker to create a chosen administrator account.

Description

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	94.42%	1

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3c1d8aa1-5a33-4ea4-8992-aadd6440af75	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

CWE-303 Incorrect Implementation of Authentication Algorithm

The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Virtual-Traffic-Manager-vTM-CVE-2024-7593

Patch

Vendor Advisory

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2024-7593

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-7593

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-7593

EUVD