Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd3c1d8aa1-5a33-4ea4-8992-aadd6440af75NVD:CVE-2024-7593
HistoryAug 13, 2024 - 7:15 p.m.

CVE-2024-7593

2024-08-1319:15:16
CWE-287
CWE-303
3c1d8aa1-5a33-4ea4-8992-aadd6440af75
web.nvd.nist.gov
6
authentication
ivanti vtm
bypass

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.937

Percentile

99.2%

JSON

Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.

Affected configurations

Nvd
Node
ivantivirtual_traffic_managementMatch22.2
OR
ivantivirtual_traffic_managementMatch22.3-
OR
ivantivirtual_traffic_managementMatch22.3r2
OR
ivantivirtual_traffic_managementMatch22.5r1
OR
ivantivirtual_traffic_managementMatch22.6r1
OR
ivantivirtual_traffic_managementMatch22.7r1
VendorProductVersionCPE
ivantivirtual_traffic_management22.2cpe:2.3:a:ivanti:virtual_traffic_management:22.2:*:*:*:*:*:*:*
ivantivirtual_traffic_management22.3cpe:2.3:a:ivanti:virtual_traffic_management:22.3:-:*:*:*:*:*:*
ivantivirtual_traffic_management22.3cpe:2.3:a:ivanti:virtual_traffic_management:22.3:r2:*:*:*:*:*:*
ivantivirtual_traffic_management22.5cpe:2.3:a:ivanti:virtual_traffic_management:22.5:r1:*:*:*:*:*:*
ivantivirtual_traffic_management22.6cpe:2.3:a:ivanti:virtual_traffic_management:22.6:r1:*:*:*:*:*:*
ivantivirtual_traffic_management22.7cpe:2.3:a:ivanti:virtual_traffic_management:22.7:r1:*:*:*:*:*:*

Related

cvelist 1
metasploit 1
githubexploit 1
nessus 1
vulnrichment 1
packetstorm 1
cve 1
thn 1
rapid7blog 1
cvelist
cvelist
CVE-2024-7593
2024-08-13 18:17:47
metasploit
metasploit
Ivanti Virtual Traffic Manager Authentication Bypass (CVE-2024-7593)
2024-08-14 01:00:06
githubexploit
githubexploit
Exploit for Improper Authentication in Ivanti Virtual Traffic Management
2024-08-26 11:03:00
nessus
nessus
Ivanti Virtual Traffic Manager (vTM) 22.2 < 22.2R1 / 22.3 < 22.3R3 / 22.5 < 22.5R2 / 22.6 < 22.6R2 / 22.7 < 22.7R2 Authentication Bypass (CVE-2024-7593)
2024-08-13 00:00:00
vulnrichment
vulnrichment
CVE-2024-7593
2024-08-13 18:17:47
packetstorm
packetstorm
Ivanti Virtual Traffic Manager Authentication Bypass
2024-08-31 00:00:00
cve
cve
CVE-2024-7593
2024-08-13 19:15:16
thn
thn
Critical Flaw in Ivanti Virtual Traffic Manager Could Allow Rogue Admin Access
2024-08-14 05:18:00
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up 08/30/2024
2024-08-30 18:43:05

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.937

Percentile

99.2%

JSON
Related for NVD:CVE-2024-7593
cvelist1metasploit1githubexploit1nessus1vulnrichment1packetstorm1cve1thn1rapid7blog1