CVE-2024-7593
Published: 13 August 2024
Summary
CVE-2024-7593 is a critical-severity Improper Authentication (CWE-287) vulnerability in Ivanti Virtual Traffic Manager. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 0.0% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2024-7593 is an authentication bypass vulnerability caused by an incorrect implementation of an authentication algorithm, tracked under CWE-287 and CWE-303. It affects Ivanti Virtual Traffic Manager (vTM) in versions other than the explicitly excluded releases 22.2R1 and 22.7R2, exposing the administrative interface to remote attack.
A remote unauthenticated attacker can exploit the flaw over the network, without user interaction or credentials, to bypass authentication on the admin panel entirely. Successful exploitation grants full administrative access, with complete impact on confidentiality, integrity, and availability, as reflected in the CVSS 9.8 base score.
Ivanti’s security advisory directs customers to upgrade to the fixed releases 22.2R1 or 22.7R2. The vulnerability also appears in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. The associated EPSS score remains extremely high, with a current value of 0.9444 and a recorded peak of 0.9732.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-48489
Vulnerability details
Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.
- CWE(s)
- KEV Date Added: 24 September 2024
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
Directly enforces authentication and access decisions on the admin panel, blocking the algorithm bypass that allows unauthenticated remote access.
Requires timely remediation of the identified authentication flaw (CWE-287/303) via the vendor-supplied patches for versions prior to 22.2R1/22.7R2.
Mandates proper identification and authentication of users before granting administrative access, directly addressing the broken authentication mechanism.