Ivanti Virtual Traffic Manager Authentication Bypass

critical Web App Scanning Plugin ID 114411

Synopsis

Ivanti Virtual Traffic Manager Authentication Bypass

Description

Ivanti Virtual Traffic Manager (vTM) versions before 22.2R1 and 22.x < 22.7R2 suffers from an authentication bypass vulnerability. By exploiting this vulnerability, a remote and unauthenticated attacker can access the administration panel and perform arbitrary modifications on the affected instance.

Solution

Upgrade Ivanti vTM to versions 22.2R1, 22.7R2 or later.

See Also

https://forums.ivanti.com/s/article/Product-End-of-Support-End-of-Engineering-Schedule-Pulse-Secure-Traffic-Manager-vTM?language=en_US&psredirect.

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Virtual-Traffic-Manager-vTM-CVE-2024-7593?language=en_US

Plugin Details

Severity: Critical

ID: 114411

Type: remote

Published: 9/3/2024

Updated: 9/3/2024

Scan Template: basic, full, pci, scan

Risk Information

VPR

Risk Factor: High

Score: 8.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2024-7593

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS Score Source: CVE-2024-7593

CVSS v4

Risk Factor: Critical

Base Score: 10

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CVSS Score Source: CVE-2024-7593

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/14/2023

Vulnerability Publication Date: 8/14/2024

CISA Known Exploited Vulnerability Due Dates: 10/15/2024

Reference Information

CVE: CVE-2024-7593