CVE-2024-7593

Published Aug 13, 2024

Last updated 2 months ago

Exploit knownCVSS critical 9.8

Overview

Description
Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.
Source
3c1d8aa1-5a33-4ea4-8992-aadd6440af75
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability
Exploit added on
Sep 24, 2024
Exploit action due
Oct 15, 2024
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

nvd@nist.gov
CWE-287
3c1d8aa1-5a33-4ea4-8992-aadd6440af75
CWE-287

Social media

Hype score
Not currently trending

  1. Actively exploited CVE : CVE-2024-7593

    @transilienceai

    5 Nov 2024

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  2. Actively exploited CVE : CVE-2024-7593

    @transilienceai

    4 Nov 2024

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  3. Another day, another cyber glitch? This time, it's Ivanti's turn in the hot seat with security flaw CVE-2024-7593. Quiet day at the office? Fancy a spot of rogue admin creation, do we? time for a cuppa and patch-up! #CyberSecurity #IvantiGate https://t.co/nAlkRGPRg9

    @LimitedViewX

    3 Nov 2024

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. #Vulnerability #CVE20247593 CISA Warns of Actively Exploited Ivanti vTM Flaw CVE-2024-7593 (CVSS 9.8), PoC Published https://t.co/gGRyRDtC37

    @Komodosec

    31 Oct 2024

    50 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Actively exploited CVE : CVE-2024-7593

    @transilienceai

    30 Oct 2024

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. Actively exploited CVE : CVE-2024-7593

    @transilienceai

    25 Oct 2024

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  7. Actively exploited CVE : CVE-2024-7593

    @transilienceai

    23 Oct 2024

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  8. Actively exploited CVE : CVE-2024-7593

    @transilienceai

    20 Oct 2024

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  9. Actively exploited CVE : CVE-2024-7593

    @transilienceai

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

Configurations

References