Advisory

Ivanti fixes critical auth bypass flaw with public exploit in Virtual Traffic Manager

Take action: If you are using Ivanti Virtual Traffic Manager (vTM), make sure the vTM management interface is bound to an internal network or private IP address that is reachable only from trusted channels. Then update the system to the latest version.


Learn More

Ivanti has reported and addressed a critical security vulnerability in its Virtual Traffic Manager (vTM) appliances. Ivanti's Virtual Traffic Manager (vTM) is a Layer 7 application delivery controller that manages IP traffic, offering load balancing and high availability functions.

The vulnerability, tracked as CVE-2024-7593 (CVSS score 9.8), is an authentication bypass flaw that could allow remote, unauthenticated attackers to create rogue administrator accounts on vTM systems exposed to the internet.

This issue stems from an incorrect implementation of an authentication algorithm within the vTM admin panel. If exploited, the flaw gives an attacker administrative access, which could lead to full system compromise.

While Ivanti has not observed any active exploitation of this vulnerability, a proof-of-concept exploit has been publicly released, increasing the risk of potential attacks.

The affected versions are Ivanti vTM versions prior to 22.2R1 and 22.7R2.

The vulnerability has been addressed in versions 22.2R1 and 22.7R2 of Ivanti vTM. Ivanti advises administrators to promptly upgrade to these versions to mitigate the risk.

For those who cannot immediately update, Ivanti recommends restricting access to the vTM management interface by binding it to an internal network or private IP address, which can significantly reduce the attack surface.

  1. Navigate to System > Security in the vTM settings.
  2. Adjust the Management IP Address and Admin Server Port to bind the interface to a trusted internal network.
  3. Limit access to specific IP addresses through the "bindip" setting to ensure only trusted users can access the interface.
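The steps above are carried out in the vTM user interface; the check below is an added example (not Ivanti's code or tooling) that verifies the outcome of the mitigation from the appliance's host side. It parses `ss -ltn`-style listening-socket output and flags any socket on the admin port that is bound to a wildcard or non-private address. The admin port value, the sample socket listing and the function names are all assumptions constructed for this example: set `ADMIN_PORT` to the Admin Server Port configured on your appliance.

```python
"""Audit whether the vTM management interface is bound only to trusted addresses.

Added example, not part of the Ivanti advisory. Assumes the admin server's
listening socket appears in `ss -ltn` output; the port is an assumed placeholder.
"""
import ipaddress
import re

# Assumption: replace with the Admin Server Port configured under System > Security.
ADMIN_PORT = 9090

# Constructed sample of `ss -ltn` output; not captured from a real appliance.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:9090         0.0.0.0:*
LISTEN  0       128     10.0.5.12:9090       0.0.0.0:*
LISTEN  0       128     [::]:22              [::]:*
LISTEN  0       128     127.0.0.1:8080       0.0.0.0:*
"""

# Matches the State, Recv-Q, Send-Q and Local Address:Port columns of `ss -ltn`.
LISTEN_RE = re.compile(r"^\s*LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s")


def parse_listeners(ss_output):
    """Return (address, port) tuples for every LISTEN socket in ss -ltn output."""
    listeners = []
    for line in ss_output.splitlines():
        m = LISTEN_RE.match(line)
        if not m:
            continue
        addr, port = m.group(1), int(m.group(2))
        addr = addr.strip("[]")  # ss prints IPv6 addresses as [::] / [fe80::1]
        if addr == "*":          # older ss prints the IPv4 wildcard as *
            addr = "0.0.0.0"
        listeners.append((addr, port))
    return listeners


def is_trusted_bind(addr):
    """True if the bind address is loopback or private (RFC 1918 / ULA) space.

    Wildcard binds (0.0.0.0, ::) are never trusted: they expose the port on
    every interface, including any internet-facing one. The unspecified check
    comes first because ipaddress counts 0.0.0.0/8 as private.
    """
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:
        return False
    return ip.is_loopback or ip.is_private


def audit_admin_bind(ss_output, admin_port=ADMIN_PORT):
    """Return (address, verdict) for each socket on the admin port."""
    findings = []
    for addr, port in parse_listeners(ss_output):
        if port != admin_port:
            continue
        verdict = "ok" if is_trusted_bind(addr) else "EXPOSED"
        findings.append((addr, verdict))
    return findings


if __name__ == "__main__":
    # On a real host, feed in: subprocess.check_output(["ss", "-ltn"], text=True)
    for addr, verdict in audit_admin_bind(SAMPLE_SS_OUTPUT):
        print(f"admin port {ADMIN_PORT} bound to {addr}: {verdict}")
```

On the constructed sample the wildcard bind on the admin port is reported as exposed while the 10.0.5.12 bind passes, which is the state the mitigation aims for. Note that `ipaddress.is_private` follows the IANA special-purpose registry, so documentation and benchmark ranges (192.0.2.0/24, 198.18.0.0/15 and the like) are also treated as private; if the appliance sits behind such an address, review the verdict manually rather than relying on the classification alone.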