September 25, 2024 at 02:13PM
CISA has added CVE-2024-7593, a high-severity Ivanti vulnerability, to its Known Exploited Vulnerabilities Catalog. The flaw allows remote unauthenticated attackers to create admin accounts by bypassing the admin panel due to an authentication algorithm implementation issue in older Ivanti vTM versions. Patched in vTM versions 22.2R1, 22.3R3, 22.5R2, 22.6R2, and 22.7R2.
Based on the meeting notes, the Cybersecurity and Infrastructure Security Agency (CISA) has added a new Ivanti vulnerability, CVE-2024-7593, to its Known Exploited Vulnerabilities (KEV) Catalog. This vulnerability is a virtual traffic manager authentication bypass vulnerability that could be exploited by a remote unauthenticated attacker to bypass the admin panel and create their own admin accounts. The vulnerability has a high-severity score of 9.8 and was patched with the release of vTM versions 22.2R1, 22.3R3, 22.5R2, 22.6R2, and 22.7R2 in August. Ivanti noted that a proof-of-concept was available and advised customers to upgrade to the latest patched version of vTM as soon as possible. It is unclear if the vulnerability is being actively exploited in the wild and who might be behind any potential exploitation.
Additionally, it was noted that two other flaws affecting Ivanti’s Cloud Service Appliance, CVE-2024-8963 and CVE-2024-8190, have also been exploited by malicious actors in recent months.