September 24, 2024 By Sergiu Gatlan
CISA has tagged another critical Ivanti security vulnerability, which can let threat actors create rogue admin users on vulnerable Virtual Traffic Manager (vTM) appliances, as actively exploited in attacks.
Tracked as CVE-2024-7593, this auth bypass flaw is caused by an incorrect implementation of an authentication algorithm that lets remote unauthenticated attackers circumvent authentication on Internet-exposed vTM admin panels.
Ivanti vTM is a software-based application delivery controller (ADC) that provides load balancing and traffic management for hosting business-critical services.
"Successful exploitation could lead to authentication bypass and creation of an administrator user," Ivanti warned when it released security updates to patch this critical vulnerability.
While the company said that proof-of-concept (PoC) exploit code was already available on August 13 when it released CVE-2024-7593 patches, it has yet to update the security advisory to confirm active exploitation.
