September 25, 2024 at 02:13PM CISA has added CVE-2024-7593, a high-severity Ivanti vulnerability, to its Known Exploited Vulnerabilities Catalog. The flaw allows remote unauthenticated attackers to create admin accounts by bypassing the admin panel due to an authentication algorithm implementation issue in older Ivanti vTM versions. Patched in vTM versions 22.2R1, 22.3R3, 22.5R2, 22.6R2, and … Read more
September 25, 2024 at 02:48AM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Ivanti Virtual Traffic Manager (vTM) to its Known Exploited Vulnerabilities catalog. The flaw, CVE-2024-7593, allows remote unauthenticated attackers to create rogue administrative users. Ivanti has released patches, and agencies are required to address the flaw … Read more
August 14, 2024 at 06:57AM Ivanti announced patches for eight vulnerabilities in Neurons for ITSM, Avalanche, and Virtual Traffic Manager, including two critical-severity flaws. The patches address security defects, such as information disclosure and improper certificate validation, and are available for download. Ivanti recommends customers upgrade to the patched versions to mitigate potential risks. Based … Read more
August 14, 2024 at 02:03AM Ivanti has released security updates for a critical flaw in Virtual Traffic Manager (vTM) that could allow an authentication bypass and the creation of rogue administrative users. The vulnerability, tracked as CVE-2024-7593, has a CVSS score of 9.8. Additionally, Ivanti has addressed other vulnerabilities in Neurons for ITSM and Ivanti … Read more
August 13, 2024 at 04:34PM Ivanti has addressed a critical vulnerability in its Virtual Traffic Manager (vTM) related to an authentication algorithm, with a major potential impact. While no attacks have been observed, a proof-of-concept exploit is publicly available. Ivanti has provided patches and recommends limiting vTM access to trusted IP addresses to reduce the … Read more
August 13, 2024 at 11:31AM Ivanti urged customers to patch critical authentication bypass vulnerability affecting Ivanti Virtual Traffic Manager (vTM) appliances. The flaw, tracked as CVE-2024-7593, allows remote unauthenticated attackers to create rogue administrator accounts. Ivanti advises restricting access to vTM management interface and upgrading to the latest patched versions to mitigate the risk. Key … Read more