Ivanti warns of critical vTM auth bypass with public exploit

August 13, 2024 at 11:31AM

Ivanti urged customers to patch a critical authentication bypass vulnerability affecting Ivanti Virtual Traffic Manager (vTM) appliances. The flaw, tracked as CVE-2024-7593, allows remote unauthenticated attackers to create rogue administrator accounts. Ivanti advises restricting access to the vTM management interface and upgrading to the latest patched versions to mitigate the risk.

Key takeaways from the meeting notes are as follows:

1. Ivanti urged customers to patch a critical authentication bypass vulnerability impacting Virtual Traffic Manager (vTM) appliances.
2. The vulnerability, tracked as CVE-2024-7593, allows remote unauthenticated attackers to create rogue administrator accounts on Internet-exposed vTM admin panels.
3. Ivanti has released updates for Ivanti Virtual Traffic Manager (vTM) to address the critical vulnerability and advises customers to upgrade to the latest patched version.
4. Admins are advised to restrict access to the vTM management interface by binding it to an internal network or private IP address to reduce the attack surface and block potential exploitation attempts.
5. The security flaw has been fixed in Ivanti vTM 22.2R1 and 22.7R2, with patches to be released for the remaining supported versions.
6. Ivanti also warned admins to immediately patch an information disclosure vulnerability (CVE-2024-7569) impacting Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier.
7. The company patched another authentication bypass flaw (CVE-2024-22024) impacting Ivanti Connect Secure, Policy Secure, and ZTA gateways in February.
8. Ivanti VPN appliances have been under attack since December 2023 using exploits chaining the CVE-2023-46805 authentication bypass and the CVE-2024-21887 command injection flaws as zero days.
9. There was also a warning of mass exploitation of a third zero-day (CVE-2024-21893) in February, allowing threat actors to bypass authentication on unpatched ICS, IPS, and ZTA gateways.
