Critical Ivanti vTM auth bypass bug now exploited in attacks
September 24, 2024 at 01:06PM CISA has identified a critical Ivanti security vulnerability (CVE-2024-7593) allowing threat actors to create unauthorized admin users on vulnerable Ivanti vTM appliances. The flaw enables bypass of authentication algorithms on internet-exposed vTM admin panels. Ivanti has released security updates and recommends restricting access to the vTM management interface. CISA requires … Read more