CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns

September 25, 2024 at 02:48AM

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Ivanti Virtual Traffic Manager (vTM) to its Known Exploited Vulnerabilities catalog. The flaw, CVE-2024-7593, allows remote unauthenticated attackers to create rogue administrative users. Ivanti has released patches, and agencies are required to address the flaw …

Critical Ivanti vTM auth bypass bug now exploited in attacks

September 24, 2024 at 01:06PM

CISA has identified a critical Ivanti security vulnerability (CVE-2024-7593) allowing threat actors to create unauthorized admin users on vulnerable Ivanti vTM appliances. The flaw enables bypass of authentication algorithms on internet-exposed vTM admin panels. Ivanti has released security updates and recommends restricting access to the vTM management interface. CISA requires …