CISA adds Ivanti CVE-2024-7593 to its KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Ivanti Virtual Traffic Manager authentication bypass vulnerability CVE-2024-7593, which has a CVSS score of 9.8, to its Known Exploited Vulnerabilities (KEV) catalog.

Back in August 2024, Ivanti addressed the vulnerability CVE-2024-7593 that impacts Virtual Traffic Manager (vTM) appliances, allowing attackers to create rogue administrator accounts.

The vulnerability is due to an incorrect implementation of an authentication algorithm that allows remote unauthenticated attackers to bypass authentication on the Internet-facing vTM admin console.

CISA orders federal agencies to fix this vulnerability by October 15, 2024.
