The Cybersecurity Infrastructure and Security Agency (CISA) and Ivanti have shared an update advisory highlighting a critical authentication bypass vulnerability, CVE-2024-7593, in Ivanti’s Virtual Traffic Manager (VTM). This vulnerability has garnered attention due to its inclusion in the CISA’s Known Exploited Vulnerabilities (KEV) catalog, indicating that it is currently being targeted by threat actors.
Ivanti’s Virtual Traffic Manager serves as a software-based application delivery controller designed to optimize and manage network traffic across web and application servers. By efficiently distributing traffic, inspecting requests, and managing workloads, VTM enhances application performance, security, and scalability. However, the identified vulnerability poses significant risks that organizations must address promptly.
The vulnerability classification for CVE-2024-7593, which pertains to an authentication bypass, falls under a critical rating with a CVSS score of 9.8. It affects several versions of Ivanti Virtual Traffic Manager, specifically versions 22.2, 22.3, 22.3R2, 22.5R1, 22.6R1, and 22.7R1.
This flaw allows remote attackers to create administrator accounts, granting them unauthorized access to critical administrative functions within the VTM. At the time of the advisory’s release, Cyble’s ODIN scanner detected 67 internet-facing instances of Ivanti VTM, predominantly located in Japan and the United States. Given this context, organizations are strongly advised to review their audit logs to identify any potential unauthorized access attempts.
Given that the vulnerability can be exploited through the management interface, Ivanti recommends limiting administrative access to the management interface exclusively within internal networks. By restricting access to private or corporate networks, organizations can significantly reduce their exposure to potential threats.
The Ivanti Virtual Traffic Manager plays a pivotal role in ensuring efficient network operations and application performance. However, the recent identification of CVE-2024-7593 highlights the importance of vigilant security practices. With this vulnerability being actively exploited by threat actors, it is important for organizations relying on Ivanti VTM to take immediate action.