September 25, 2024 at 02:48AM
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Ivanti Virtual Traffic Manager (vTM) to its Known Exploited Vulnerabilities catalog. The flaw, CVE-2024-7593, allows remote unauthenticated attackers to create rogue administrative users. Ivanti has released patches, and agencies are required to address the flaw by October 15, 2024.
Based on the meeting notes, here are the key takeaways:
1. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified a critical security flaw (CVE-2024-7593) impacting Ivanti Virtual Traffic Manager (vTM) and has added it to its Known Exploited Vulnerabilities (KEV) catalog.
2. This vulnerability could be exploited by a remote unauthenticated attacker to bypass the authentication of the admin panel and create rogue administrative users.
3. Ivanti has released patches for this vulnerability in vTM versions 22.2R1, 22.3R3, 22.5R2, 22.6R2, and 22.7R2 in August 2024.
4. FCEB agencies are required to remediate the identified flaw by October 15, 2024, to secure their networks.
5. Several other flaws affecting Ivanti devices have also come under active exploitation in recent months, including CVE-2024-8190 and CVE-2024-8963.
6. Censys data shows that there are 2,017 exposed Ivanti Cloud Service Appliance (CSA) instances online as of September 23, 2024, most of which are located in the U.S.
These takeaways summarize the key points from the meeting notes. Let me know if you need further information or additional details.