The Latest Cybersecurity Threat: Ivanti Virtual Traffic Manager Exploited in the Wild
A critical authentication bypass vulnerability in Ivanti Virtual Traffic Manager (vTM) has now been exploited by threat actors in the wild, according to the US Cybersecurity and Infrastructure Security Agency (CISA).
CISA added the bug to its Known Exploited Vulnerabilities (KEV) catalog on September 24, which under Binding Operational Directive 22-01 gives federal civilian agencies until October 15 to patch it. Ivanti, however, has yet to update its security advisory to reflect the in-the-wild exploitation.
The security advisory, first published on August 12 and last updated on September 4, warned customers about the vulnerability. It stated, “We are not aware of any customers being exploited by this vulnerability at the time of disclosure. However, a Proof of Concept is publicly available, and we urge customers to upgrade to the latest patched version.”
It has now been confirmed that threat actors are actively exploiting this vulnerability, but the extent of the exploitation remains unknown, as does whether the flaw is being used in ransomware attacks.
The vulnerability in question, CVE-2024-7593, carries a CVSS score of 9.8 (critical). It allows a remote, unauthenticated attacker to bypass authentication on the vTM admin panel and create a new user with administrative rights.
According to the description, “Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.”
In addition to patching, Ivanti's advisory gives customers advice on reducing exposure. “Customers who have ensured their management interface is bound to an internal network or private IP address have significantly reduced their attack surface,” the advisory noted. “It is industry best practice and advised by Ivanti in the network configuration guidance to restrict access to the management interface.” Binding the management interface to a private address only limits who can reach the vulnerable admin panel; it does not remove the flaw, so upgrading to a patched version is still required.
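As an added example, not part of the original article or of Ivanti's own tooling, the following Python script checks the mitigation the advisory describes: it parses `ss -ltn`-style listener output and flags any management-port listener bound to a wildcard or non-private address. The admin port (9090) and the sample listener lines are assumptions constructed for the example; substitute the port your vTM management interface actually uses and feed it live `ss -Hltn` output.

```python
import ipaddress

# Assumed management port for the vTM admin interface. This is an example
# assumption, not a value taken from the article; adjust to your deployment.
ADMIN_PORTS = {9090}

# Constructed sample of `ss -Hltn` output (no header line). It mixes an
# admin-port listener on the IPv4 wildcard, one on a private address, one on
# the IPv6 wildcard, and two unrelated services.
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:9090 0.0.0.0:*
LISTEN 0 128 10.0.5.12:9090 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 [::]:9090 [::]:*
LISTEN 0 128 127.0.0.1:22 0.0.0.0:*
"""


def parse_listener(line):
    """Return (host, port) for one `ss -ltn` LISTEN line, or None otherwise.

    The local address is the fourth column, e.g. `10.0.5.12:9090`, `[::]:9090`
    or `*:9090`; the port follows the last colon.
    """
    parts = line.split()
    if len(parts) < 5 or parts[0] != "LISTEN":
        return None
    host, sep, port = parts[3].rpartition(":")
    if not sep:
        return None
    host = host.strip("[]")
    if host == "*":  # some ss versions print `*` for a wildcard bind
        host = "0.0.0.0"
    try:
        return host, int(port)
    except ValueError:
        return None


def is_internal_only(host):
    """True if a bind address keeps the listener off public interfaces.

    Wildcard binds (0.0.0.0, ::) are reported as exposed even though Python's
    ipaddress module classifies them as private; loopback, RFC 1918/ULA and
    link-local binds count as internal. Anything unparseable is treated as
    exposed so it gets a human look.
    """
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False
    if addr.is_unspecified:
        return False
    return addr.is_loopback or addr.is_private or addr.is_link_local


def exposed_admin_listeners(ss_output, admin_ports=ADMIN_PORTS):
    """List (host, port) pairs where an admin port is bound to a non-internal address."""
    findings = []
    for line in ss_output.splitlines():
        parsed = parse_listener(line)
        if parsed is None:
            continue
        host, port = parsed
        if port in admin_ports and not is_internal_only(host):
            findings.append((host, port))
    return findings


if __name__ == "__main__":
    # In production, replace the constructed sample with live `ss -Hltn` output.
    for host, port in exposed_admin_listeners(SAMPLE_SS_OUTPUT):
        print(f"management port {port} is reachable via {host}; bind it to a private address")
```

Run on the constructed sample, the script reports the two wildcard binds and stays quiet about the listener on 10.0.5.12. A private bind address is only a first check: an interface on a private network that is itself reachable through a VPN or a misconfigured firewall is still exposed, so pair this with a firewall rule review.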
Ivanti products have been a frequent target for threat actors, with zero-day exploits particularly common in its gateway and VPN appliances, as well as mobile device management software. In the first month of 2024 alone, the vendor released patches for four vulnerabilities, two of which were exploited as zero-days by Chinese threat actors.
Stay informed about cybersecurity threats and vulnerabilities. Protect your systems and data by staying vigilant and proactive in securing your digital infrastructure.