CISA Warns of Critical Ivanti vTM Vulnerability Amid Active Exploitation


Sep 25, 2024 | Ravie Lakshmanan | Vulnerability / Cyber Attack

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently added a critical security flaw impacting Ivanti Virtual Traffic Manager (vTM) to its Known Exploited Vulnerabilities catalog, as evidence of active exploitation emerged.

The vulnerability in question, identified as CVE-2024-7593 with a CVSS score of 9.8, enables a remote unauthenticated attacker to bypass admin panel authentication and create rogue administrative users.

CISA stated, “Ivanti Virtual Traffic Manager contains an authentication bypass vulnerability that allows a remote, unauthenticated attacker to create a chosen administrator account.”

The issue was addressed by Ivanti in various vTM versions in August 2024.

CISA did not disclose details about how the vulnerability is being exploited in real-world scenarios or the actors behind the attacks, but Ivanti had previously mentioned the availability of a public proof-of-concept (PoC).

As a result, Federal Civilian Executive Branch (FCEB) agencies must rectify the identified flaw by October 15, 2024, to protect their networks.

In recent months, several Ivanti vulnerabilities have been actively exploited, including CVE-2024-8190 and CVE-2024-8963.

Ivanti acknowledged that a “limited number of customers” had been targeted through these issues.

Data from Censys indicates that 2,017 Ivanti Cloud Service Appliance instances are exposed online, the majority of them in the U.S. How many of these instances are actually susceptible remains unknown.
