
To limit the exploitability of this vulnerability, Ivanti recommends restricting admin access to the management interface to the internal private / corporate network.
Researchers at the Shadowserver Foundation found only 31 Ivanti vTM devices exposed on the Internet as of 2024-08-17. Most of the devices are in the United States (14), followed by the UK (5), Bahrain (3) and Canada (3). However, they have observed an exploit attempt based on the public PoC.
Shadowserver researchers have discovered an exploit attempt for the Ivanti vTM vulnerability tracked as CVE-2024-7593, which has a CVSS score of 9.8.
The vulnerability impacts Virtual Traffic Manager (vTM) appliances and can allow attackers to create rogue administrator accounts: successful exploitation could lead to authentication bypass and creation of an administrator user.
The vulnerability is due to an incorrect implementation of an authentication algorithm that allows remote unauthenticated attackers to bypass authentication on the Internet-facing vTM admin console.
The company addressed the flaw with patch 22.2R1 or 22.7R2 and said that customers who have pointed their management interface to a private IP and restricted access can address the issue at their earliest convenience.
Ivanti stated that, while the flaw has been disclosed, it is unaware of attacks exploiting it in the wild. However, it is aware of the public availability of proof-of-concept exploit code.

