Critical Ivanti vTM Bug Allows Unauthorized Admin Access


August 13, 2024 at 04:34PM

Ivanti has addressed a critical vulnerability in its Virtual Traffic Manager (vTM) that stems from an authentication algorithm and has major potential impact. While no attacks have been observed, a proof-of-concept exploit is publicly available. Ivanti has provided patches and recommends limiting vTM access to trusted IP addresses to reduce the attack surface.

Key takeaways:

– Ivanti’s Virtual Traffic Manager (vTM) has been patched to address a critical vulnerability (CVE-2024-7593) related to an incorrect implementation of an authentication algorithm.

– The vulnerability could be exploited by remote, unauthorized entities to bypass authentication, access the vTM’s admin panel, and potentially create an administrator account for malicious purposes.

– The severity of the vulnerability is rated at 9.8 out of 10 on the Common Vulnerability Scoring System (CVSS) ratings scale.

– While Ivanti has not observed any attacks on customers related to CVE-2024-7593, a proof-of-concept (PoC) exploit is publicly available.

– A vADC exploit was discovered on the Exploit Database (Exploit-DB) and Ivanti confirmed that it was not the PoC mentioned in its advisory.

– Ivanti recommends applying patches for vTM versions 22.2R1 and 22.7R2 to address CVE-2024-7593, with additional patched versions expected to roll out.

– Organizations are advised to adjust their vTM settings to expose the management panel only to internal, trusted IP addresses to reduce the attack surface.

– Ivanti has experienced a series of security lapses this year, and the article emphasizes the importance of dutiful patching and of following industry best practices for network configuration.
