The recent addition of a new Ivanti vulnerability to the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) Catalog has raised concerns among cybersecurity professionals. The vulnerability, identified as CVE-2024-7593, is a virtual traffic manager authentication bypass flaw that could potentially allow a remote unauthenticated attacker to circumvent the admin panel and establish their own admin accounts. This security loophole is attributed to the incorrect implementation of an authentication algorithm in older versions of Ivanti vTM.
With a high severity score of 9.8, the vulnerability was promptly addressed by Ivanti with the release of patched versions 22.2R1, 22.3R3, 22.5R2, 22.6R2, and 22.7R2 in August. Despite the patch release, the presence of a proof-of-concept for exploitation concerns security experts. Ivanti urged customers to upgrade to the latest patched version of vTM as a precautionary measure. However, the potential exploitation of the vulnerability in the wild and the identity of any threat actors remain unknown.
The emergence of this Ivanti vulnerability is not an isolated incident, as the vendor has experienced active exploitation of vulnerabilities in recent months. Two flaws affecting Ivanti’s Cloud Service Appliance, namely CVE-2024-8963 and CVE-2024-8190, have also been targeted by malicious actors. This pattern of vulnerabilities being exploited underscores the importance of proactive security measures and prompt software updates to mitigate potential risks.
The cybersecurity community is closely monitoring the situation and urging organizations to stay vigilant against potential threats. As the digital landscape continues to evolve, cybersecurity professionals emphasize the critical role of timely vulnerability management and proactive security measures to safeguard sensitive systems and data from malicious exploitation. By staying informed about emerging threats and promptly addressing security vulnerabilities, organizations can enhance their cyber resilience and mitigate the risk of cyber incidents.