Critical Ivanti vTM auth bypass bug now exploited in attacks

September 24, 2024 at 01:06PM

CISA has identified a critical Ivanti security vulnerability (CVE-2024-7593) allowing threat actors to create unauthorized admin users on vulnerable Ivanti vTM appliances. The flaw enables bypass of authentication algorithms on internet-exposed vTM admin panels. Ivanti has released security updates and recommends restricting access to the vTM management interface. CISA requires federal agencies to secure vulnerable appliances by October 15.

CVE-2024-7593 is a critical vulnerability in Ivanti's Virtual Traffic Manager (vTM) appliances that allows an authentication bypass, potentially resulting in the creation of a rogue admin user. The flaw has been actively exploited in attacks, prompting CISA to add it to its Known Exploited Vulnerabilities catalog and issue a directive for federal agencies to secure vulnerable appliances within three weeks. Ivanti recommended applying security updates to patch the vulnerability, restricting access to the vTM management interface, and monitoring for evidence of compromise. Ivanti has also been enhancing its internal scanning and testing capabilities and is working on improving its responsible disclosure process in response to these attacks.
