Lucene search
IvantiCVE-2024-7593HistoryAug 13, 2024 - 7:15 p.m.
CVE-2024-7593
2024-08-1319:15:16
CWE-287
CWE-303
ivanti
web.nvd.nist.gov
36
ivanti vtm
authentication bypass
cve-2024-7593
remote attacker
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
7.4
Confidence
High
EPSS
0.937
Percentile
99.2%
Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.
Affected configurations
Node
ivantivirtual_traffic_managementMatch22.2
ORivantivirtual_traffic_managementMatch22.3-
ORivantivirtual_traffic_managementMatch22.3r2
ORivantivirtual_traffic_managementMatch22.5r1
ORivantivirtual_traffic_managementMatch22.6r1
ORivantivirtual_traffic_managementMatch22.7r1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ivanti | virtual_traffic_management | 22.2 | cpe:2.3:a:ivanti:virtual_traffic_management:22.2:*:*:*:*:*:*:* |
| ivanti | virtual_traffic_management | 22.3 | cpe:2.3:a:ivanti:virtual_traffic_management:22.3:-:*:*:*:*:*:* |
| ivanti | virtual_traffic_management | 22.3 | cpe:2.3:a:ivanti:virtual_traffic_management:22.3:r2:*:*:*:*:*:* |
| ivanti | virtual_traffic_management | 22.5 | cpe:2.3:a:ivanti:virtual_traffic_management:22.5:r1:*:*:*:*:*:* |
| ivanti | virtual_traffic_management | 22.6 | cpe:2.3:a:ivanti:virtual_traffic_management:22.6:r1:*:*:*:*:*:* |
| ivanti | virtual_traffic_management | 22.7 | cpe:2.3:a:ivanti:virtual_traffic_management:22.7:r1:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "affected",
"product": "vTM",
"vendor": "Ivanti",
"versions": [
{
"status": "unaffected",
"version": "22.7R2",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "22.2R1",
"versionType": "custom"
}
]
}
]Related
metasploit
metasploit
Ivanti Virtual Traffic Manager Authentication Bypass (CVE-2024-7593)
2024-08-14 01:00:06
githubexploit
githubexploit
Exploit for Improper Authentication in Ivanti Virtual Traffic Management
2024-08-26 11:03:00
cvelist
cvelist
CVE-2024-7593
2024-08-13 18:17:47
nvd
nvd
CVE-2024-7593
2024-08-13 19:15:16
nessus
nessus
packetstorm
packetstorm
Ivanti Virtual Traffic Manager Authentication Bypass
2024-08-31 00:00:00
vulnrichment
vulnrichment
CVE-2024-7593
2024-08-13 18:17:47
thn
thn
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up 08/30/2024
2024-08-30 18:43:05
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
7.4
Confidence
High
EPSS
0.937
Percentile
99.2%
Related for CVE-2024-7593