Back to KEVs

CVE-2024-7593

Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker...

Basic Information

CVE State: PUBLISHED
Reserved Date: August 07, 2024
Published Date: August 13, 2024
Last Updated: September 24, 2024
Vendor: Ivanti
Product: vTM
Description: Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (added 2024-09-24 00:00:00 UTC) Source
Proof of Concept Available: Yes (added 2024-09-24 22:24:35 UTC) Source

References

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Virtual-Traffic-Manager-vTM-CVE-2024-7593

Known Exploited Vulnerability Information

Source	Added Date
CISA	2024-09-24 00:00:00 UTC

Scanner Integrations

Scanner	URL	Date Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-7593.yaml	2025-04-26 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

D3N14LD15K/CVE-2024-7593_PoC_Exploit

Type: github • Created: 2024-09-24 22:24:35 UTC • Stars: 9

CVE-2024-7593 Ivanti Virtual Traffic Manager 22.2R1 / 22.7R2 Admin Panel Authentication Bypass PoC [EXPLOIT]