August 14, 2024 at 02:03AM
Ivanti has released security updates for a critical flaw in Virtual Traffic Manager (vTM) that could allow an authentication bypass and the creation of rogue administrative users. The vulnerability, tracked as CVE-2024-7593, has a CVSS score of 9.8. Additionally, Ivanti has addressed other vulnerabilities in Neurons for ITSM and Ivanti Avalanche. Users are advised to apply the latest fixes promptly.
Key Takeaways:
1. Ivanti has released security updates to address a critical flaw in Virtual Traffic Manager (vTM) that could enable an authentication bypass and unauthorized administrative access. The vulnerability, tracked as CVE-2024-7593, has a CVSS score of 9.8 and affects several versions of vTM. A temporary mitigation recommended by Ivanti is to limit admin access to the management interface or restrict access to trusted IP addresses.
2. Additionally, Ivanti has addressed two vulnerabilities in Neurons for ITSM: an information disclosure flaw and an improper certificate validation issue. These vulnerabilities affect versions 2023.4, 2023.3, and 2023.2 and have been resolved in subsequent patch versions.
3. Ivanti has also patched five high-severity flaws in Ivanti Avalanche, mitigating the risk of denial-of-service (DoS) conditions or remote code execution. These issues have been fixed in version 6.4.4.
It’s important for users to apply the latest fixes provided by Ivanti to mitigate the potential risks associated with these vulnerabilities.