A quarter full of risk – get to know the notable vulnerabilities of Q3 2024 >>

Go beyond vulnerability scanning with the Vulcan Cyber ExposureOS >>

Exposure management analytics and KPIs you need to know about  >>

Get a demo

A quarter full of risk – get to know the notable vulnerabilities of Q3 2024 >>

Go beyond vulnerability scanning with the Vulcan Cyber ExposureOS >>

Exposure management analytics and KPIs you need to know about  >>

Get a demo
Get a demo

Voyager18 (research)

How to fix CVE-2024-7593 in Ivanti Virtual Traffic Manager

Learn about CVE-2024-7593, a critical Ivanti vTM vulnerability, its risks, and how to patch and protect your systems from potential attacks.

Orani Amroussi | September 10, 2024

In this article

Assess yourself

Discover the maturity of your exposure management program

Take assessment

In August 2024, Ivanti disclosed CVE-2024-7593, a critical vulnerability in its Virtual Traffic Manager (vTM). This flaw allows unauthenticated attackers to bypass the authentication process and gain full administrative control over the vTM management interface.

With a publicly available proof-of-concept (PoC) exploit, this vulnerability poses a significant risk to organizations using vulnerable versions of vTM. In this blog, we’ll explore what CVE-2024-7593 is, assess who might be affected, and provide steps to secure your systems before attackers take advantage of this critical weakness.

 

TL;DR

Type: 

 Authentication bypass

Severity 

 CVSS: 9.8

Wild Exploit: 

 No

PoC

 Yes

Platforms: 

 Ivanti Virtual Traffic Manager

Affects: 

 22.2 – 22.7R1 

MITRE advisory 

 Read more

Remediation action 

 Apply recommended patches. 

What is CVE-2024-7593?

CVE-2024-7593 is a critical authentication bypass vulnerability in Ivanti Virtual Traffic Manager (vTM). It allows unauthenticated, remote attackers to gain administrative access to the management interface of vTM, potentially leading to full system compromise.

The vulnerability stems from an incorrect implementation of an authentication algorithm and affects vTM versions prior to 22.2R1 and 22.7R2.

 

Does it affect me?

If your organization uses Ivanti vTM for application traffic management and is running a version earlier than 22.2R1 or 22.7R2, your system could be vulnerable. Especially if the vTM management interface is exposed to the internet, attackers may exploit this flaw to bypass authentication and create rogue admin accounts.

 

Has CVE-2024-7593 been actively exploited in the wild?

While there is no confirmed evidence of active exploitation as of the time of disclosure, a public proof-of-concept (PoC) exploit is available. This increases the likelihood that threat actors could soon leverage the vulnerability in attacks, so it’s important to patch as soon as possible.

 

Fixing CVE-2024-7593

To protect your systems, Ivanti has released patches for affected versions, including 22.2R1 and 22.7R2. It is crucial to apply these updates immediately.

Additionally, administrators should restrict access to the management interface by binding it to internal networks or private IPs to reduce the risk of exposure. Monitoring logs for any suspicious new admin accounts (like ‘user1’ or ‘user2’) can also help detect exploitation attempts.

 

Further reading

Each new vulnerability is a reminder of where we stand and what we need to do better. Check out the following resources to help you maintain cyber hygiene and stay ahead of the threat actors: 

  1. Q1 2024 Vulnerability Watch
  2. The MITRE ATT&CK framework: Getting started
  3. The true impact of exploitable vulnerabilities for 2024
  4. Vulnerability disclosure policy (and how to get it right)
  5. How to properly tackle zero-day threats
<< back to blog Next story >>
Back to blog Next story

Get rid of silos;

Start owning exposure risk

Test drive the leader in exposure risk management

Try for free