CVE-2024-7593
Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability
CVSS
—
No CVSS
EPSS
100.0%
p100
KEV
YES
Sep 24, 2024
Exploit Today
80
0-100
Published: — · Last modified: —
Product
Ivanti / Virtual Traffic Manager
Vulnerability
Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability
Added to KEV
Sep 24, 2024
Remediate by
Oct 15, 2024
Known ransomware use
No
Summary description
Ivanti Virtual Traffic Manager contains an authentication bypass vulnerability that allows a remote, unauthenticated attacker to create a chosen administrator account.
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Virtual-Traffic-Manager-vTM-CVE-2024-7593 ; https://nvd.nist.gov/vuln/detail/CVE-2024-7593
No related CVEs by CWE or product.