Ivanti vTM flaw added to Known Exploited Vulnerabilities catalog (CVE-2024-7593)
A critical vulnerability, CVE-2024-7593, has been discovered in Ivanti Virtual Traffic Manager (vTM), with a CVSS score of 9.8. The flaw allows remote, unauthenticated attackers to bypass authentication and create rogue administrator accounts. Although there were no initial reports of exploitation, the public availability of proof-of-concept code and active exploitation have heightened the risk. Ivanti and various cybersecurity organizations have issued patches, detection methods, and mitigation strategies to address the issue. Recommendations include upgrading to patched versions, restricting management interface access to trusted networks, and monitoring audit logs for signs of compromise. This incident highlights the need for proactive and collective cyber defense measures to tackle evolving threats. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has required federal agencies to secure affected appliances by October 15, 2024.