CRITICAL🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2024-7593

CVSS 9.8v3.1pub. 2024-08-13upd. 2026-06-05

Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Ivanti Virtual Traffic Manager

    APP
    Ivanti
    22.222.322.522.622.7

CISA KEV — detailsi

Vendori
Ivanti
Producti
Virtual Traffic Manager
Added to KEVi
September 24, 2024
Remediation deadline (US Federal)i
October 15, 2024(overdue)
Required action (CISA)i

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

Ivanti Virtual Traffic Manager contains an authentication bypass vulnerability that allows a remote, unauthenticated attacker to create a chosen administrator account.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 15 października 2024
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2026-8051HIGH7.2ten sam produkt

OS command injection in Ivanti Virtual Traffic Manager before version 22.9r4 allows a remote authenticated att...

CVE-2026-10520CRITICAL10.0⚠ KEVPL ✓ten sam vendor

RCE poprzez OS Command Injection w Ivanti Sentry (nieuwierzytelniony dostęp root)

CVE-2026-1281CRITICAL9.8⚠ KEVPL ✓ten sam vendor

Krytyczny code injection w Ivanti Endpoint Manager Mobile (RCE bez uwierzytelnienia)

CVE-2026-1340CRITICAL9.8⚠ KEVPL ✓ten sam vendor

Code injection w Ivanti EPMM umożliwiający nieuwierzytelniony RCE

CVE-2025-22457CRITICAL9.0⚠ KEVPL ✓ten sam vendor

Stack-based buffer overflow w Ivanti Connect Secure, Policy Secure i ZTA Gateways umożliwiający RCE