CVE-2024-7593

Published: Aug 13, 2024Modified: May 14, 2026CISA KEV

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.

Affected (6)

Products: Ivanti: Virtual Traffic Manager

Ivanti

1 product

Virtual Traffic Manager

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Ivanti Virtual Traffic Manager	Version 22.2
Ivanti Virtual Traffic Manager	Version 22.3
Ivanti Virtual Traffic Manager	Version 22.3 r2
Ivanti Virtual Traffic Manager	Version 22.5 r1
Ivanti Virtual Traffic Manager	Version 22.6 r1
Ivanti Virtual Traffic Manager	Version 22.7 r1

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

CWE-303

Incorrect Implementation of Authentication Algorithm

The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.

References (2)

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Virtual-Traffic-Manager-vTM-CVE-2024-7593

Source: 3c1d8aa1-5a33-4ea4-8992-aadd6440af75

MitigationPatchVendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-7593

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.