25 September 2024

High-severity Ivanti VTM auth bypass bug exploited in the wild


High-severity Ivanti VTM auth bypass bug exploited in the wild

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a high-risk Ivanti Virtual Traffic Manager authentication bypass vulnerability it to its Known Exploited Vulnerabilities (KEV) catalog.

Tracked as CVE-2024-7593, the flaw allows a remote attacker to compromise the target system. The issue exists due to incorrect implementation of authentication algorithm. A remote attacker can bypass authentication of the admin panel. Virtual Traffic Manager versions 22.2 - 22.7R1 are said to be impacted.

Earlier this month, CISA flagged another critical Ivanti vulnerability - CVE-2024-8963. The flaw, present in unpatched CSA systems, allows remote, unauthenticated attackers to bypass administrative controls and access restricted functionalities.

Attackers are chaining CVE-2024-8963 with the command injection bug CVE-2024-8190 to gain elevated access. The latter was patched last week. Through the chained exploits, attackers can bypass admin authentication entirely, allowing them to execute arbitrary commands on compromised systems.


Back to the list

Latest Posts

Hackers hijack high-level accounts and sensitive data of JAXA’s execs

Hackers hijack high-level accounts and sensitive data of JAXA’s execs

The attackers commandeered roughly 200 accounts, including those of senior officials and members of JAXA’s leadership team.
7 October 2024
Over 100 orgs breached in BabyLockerKZ ransomware attacks

Over 100 orgs breached in BabyLockerKZ ransomware attacks

BabyLockerKZ is an updated variant of the MedusaLocker ransomware.
7 October 2024
Chinese hackers reportedly compromise US court wiretap systems

Chinese hackers reportedly compromise US court wiretap systems

The attack targeted major US telecom companies including Verizon, AT&T, and Lumen Technologies.
7 October 2024