Critical Ivanti vTM flaw now actively exploited
Take action: If you are using Ivanti Virtual Traffic Manager (vTM), make sure the vTM management interface is bound to an internal network or private IP address that is reachable only through trusted channels. Then update the system to the latest version ASAP, because hackers are already hunting for it.
CISA warns that a critical security vulnerability in Ivanti's Virtual Traffic Manager (vTM) software, tracked as CVE-2024-7593 (CVSS score 9.8), is now being actively exploited in attacks.
The vTM is a software-based application delivery controller (ADC) that manages traffic and provides load balancing for critical business services.
This vulnerability, due to an incorrect implementation of the authentication algorithm, allows remote, unauthenticated attackers to bypass the authentication process on internet-exposed vTM admin panels. Once exploited, attackers can create unauthorized administrator accounts, granting them complete control over affected systems.
Ivanti released patches for this flaw on August 13, 2024, and proof-of-concept (PoC) exploit code was made available at that time. While Ivanti has not updated the security advisory to officially confirm active exploitation, the Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2024-7593 to its Known Exploited Vulnerabilities (KEV) catalog on September 24, 2024.
Administrators are advised to check the Audit Logs Output for suspicious new admin users such as 'user1' or 'user2', which could indicate exploitation. Ivanti recommends restricting access to the vTM management interface by binding it to internal networks or private IP addresses.
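The audit-log review described above can be scripted. The following is an added example, not Ivanti tooling or code from the advisory: it goes beyond the 'user1'/'user2' names by flagging every admin-creation event whose account is not on an approved list, and it notes whether the request came from an internal address. The log line layout, the field names and the `APPROVED_ADMINS` list are constructed assumptions, not the real vTM audit log format.

```python
import ipaddress
import re

# Constructed key=value layout standing in for an exported audit log. It is
# NOT the real vTM audit log format; adapt EVENT_RE to your own export.
EVENT_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+op=(?P<op>\S+)\s+user=(?P<user>\S+)"
    r"\s+group=(?P<group>\S+)\s+src=(?P<src>\S+)$"
)
# Loopback plus the RFC 1918 private ranges. ipaddress.is_private is avoided
# because it also treats documentation and benchmarking ranges as private.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(address):
    """True only for a parseable IPv4 address inside INTERNAL_NETS."""
    try:
        addr = ipaddress.ip_address(address)
    except ValueError:
        return False
    return any(addr in net for net in INTERNAL_NETS)

def find_unexpected_admins(lines, approved_admins):
    """Return (timestamp, user, src, src_is_internal) for every admin-creation
    event whose account name is not in approved_admins."""
    findings = []
    for line in lines:
        m = EVENT_RE.match(line.strip())
        if not m or m["op"] != "adduser" or m["group"] != "admin":
            continue
        if m["user"] not in approved_admins:
            findings.append((m["ts"], m["user"], m["src"], is_internal(m["src"])))
    return findings

SAMPLE_LOG = [  # constructed sample lines, not captured from a real system
    "[13/Aug/2024:09:01:11 +0000] op=login user=admin group=admin src=10.0.0.5",
    "[24/Sep/2024:02:14:40 +0000] op=adduser user=user1 group=admin src=203.0.113.7",
    "[24/Sep/2024:08:30:02 +0000] op=adduser user=netops group=admin src=10.0.0.5",
    "[24/Sep/2024:08:31:19 +0000] op=adduser user=svc-backup group=admin src=192.168.4.20",
    "[24/Sep/2024:08:40:00 +0000] op=adduser user=guest1 group=monitor src=10.0.0.9",
]
APPROVED_ADMINS = {"admin", "netops"}  # hypothetical allow-list of known admins

if __name__ == "__main__":
    for ts, user, src, internal in find_unexpected_admins(SAMPLE_LOG, APPROVED_ADMINS):
        origin = "internal" if internal else "EXTERNAL"
        print(f"{ts} unexpected admin '{user}' created from {src} ({origin})")
```

The same `is_internal` check can be applied to the address the management interface is bound to: a wildcard bind such as `0.0.0.0` is reported as not internal.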