Cyber Defense Advisors

CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Ivanti Virtual Traffic Manager (vTM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.

The vulnerability in question is CVE-2024-7593 (CVSS score: 9.8), which could be exploited by a remote unauthenticated attacker to bypass the authentication of the admin panel and create rogue administrative users.

“Ivanti Virtual Traffic Manager contains an authentication bypass vulnerability that allows a remote, unauthenticated attacker to create a chosen administrator account,” CISA said.

The issue was patched by Ivanti in vTM versions 22.2R1, 22.3R3, 22.5R2, 22.6R2, and 22.7R2 in August 2024.

The agency did not reveal any specifics on how the shortcoming is being weaponized in real-world attacks and who may be behind them, but Ivanti had previously noted that a proof-of-concept (PoC) is publicly available.

In light of the latest development, Federal Civilian Executive Branch (FCEB) agencies are required to remediate the identified flaw by October 15, 2024, to secure their networks.

In recent months, several flaws affecting Ivanti devices have come under active exploitation in the wild, including CVE-2024-8190 and CVE-2024-8963.

The software services provider acknowledged that it’s aware of a “limited number of customers” who have been targeted by both the issues.

Data shared by Censys shows that there are 2,017 exposed Ivanti Cloud Service Appliance (CSA) instances online as of September 23, 2024, most of which are located in the U.S. It’s currently not known how many of these are actually susceptible.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.