Report by CISA Highlights Critical Issue in Ivanti vTM with Active Concerns About Exploitation

September 25, 2024Ravie LakshmananSecurity Vulnerability / Cyber Attack

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a significant security weakness affecting Ivanti Virtual Traffic Manager (vTM) to its Known Exploited Vulnerabilities (KEV) catalog, based on indications of ongoing exploitation.

The vulnerability in question is CVE-2024-7593 (CVSS score: 9.8), which a remote unauthenticated attacker can exploit to bypass admin panel authentication and create unauthorized administrative accounts.

CISA stated, “Ivanti Virtual Traffic Manager contains a flaw in authentication, enabling a remote, unauthenticated attacker to create a selected administrator account.”

Ivanti rectified the issue in vTM versions 22.2R1, 22.3R3, 22.5R2, 22.6R2, and 22.7R2 in August 2024.
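The fixed-release list above can drive a quick inventory triage. This is an added example, not code from the article or from Ivanti; the version string format, the rule that a lower R-number within a listed branch means unpatched, and the hostnames are assumptions.

```python
import re

# Fixed release per branch, taken from the article (August 2024 patches).
# Value is the minimum "R" revision that contains the fix for CVE-2024-7593.
FIXED = {"22.2": 1, "22.3": 3, "22.5": 2, "22.6": 2, "22.7": 2}

# Assumed version format: "<major>.<minor>" optionally followed by "R<n>",
# e.g. "22.7R1". A bare "22.2" is treated as revision 0 (assumption).
_VERSION_RE = re.compile(r"^\s*(\d+\.\d+)(?:R(\d+))?\s*$", re.IGNORECASE)


def triage(version):
    """Classify one vTM version string as 'patched', 'unpatched' or 'unknown'."""
    m = _VERSION_RE.match(version)
    if not m:
        return "unknown"  # unparseable string: needs manual review
    branch, rev = m.group(1), int(m.group(2) or 0)
    if branch not in FIXED:
        return "unknown"  # the article lists no fixed release for this branch
    return "patched" if rev >= FIXED[branch] else "unpatched"


def triage_inventory(inventory):
    """Group hosts by triage status; hosts are sorted for stable output."""
    result = {"patched": [], "unpatched": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        result[triage(version)].append(host)
    return result


# Constructed sample inventory (hypothetical hostnames and versions).
SAMPLE_INVENTORY = {
    "vtm-edge-01": "22.7R1",
    "vtm-edge-02": "22.7R2",
    "vtm-dmz-01": "22.3R2",
    "vtm-lab-01": "21.4",
    "vtm-lab-02": "n/a",
}

if __name__ == "__main__":
    for status, hosts in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{status:10s} {', '.join(hosts) or '-'}")
```

Hosts reported as "unknown" run a branch the article does not cover or report a version that could not be parsed, so they need to be checked against the vendor advisory by hand.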

The agency did not disclose how the flaw is being exploited in real-world attacks or who is behind them. However, Ivanti had previously mentioned the existence of a publicly available proof-of-concept (PoC).

Following the addition, Federal Civilian Executive Branch (FCEB) agencies have until October 15, 2024, to remediate the identified flaw and secure their networks.

Several vulnerabilities affecting Ivanti devices have come under active exploitation recently, including CVE-2024-8190 and CVE-2024-8963.

The company acknowledged that a “limited group of clients” has been targeted through both vulnerabilities.

Censys data shows 2,017 publicly accessible Ivanti Cloud Service Appliance (CSA) instances online as of September 23, 2024, the majority of which are in the United States. How many of these instances are actually vulnerable is currently unknown.
