On 12 August 2024, Ivanti announced a critical authentication bypass vulnerability in its Virtual Traffic Manager (vTM), identified as CVE-2024-7593. Ivanti vTM is a software-based application delivery controller that manages traffic flow to ensure high performance, availability, and security for web applications. CVE-2024-7593 stems from a flaw in vTM’s authentication algorithm that enables remote, unauthenticated attackers to bypass authentication on the admin panel of vulnerable vTM instances. Ivanti has stated that the attack surface for this vulnerability can be reduced by pointing the management interface to a private IP address or an internal network.
Additionally, a critical vulnerability affecting only on-premises versions of Ivanti Neurons for ITSM, identified as CVE-2024-7569, has been patched. This information disclosure vulnerability allows unauthenticated attackers to obtain the OpenID Connect (OIDC) client secret through debug information.
Risk of Exploitation
Ivanti has stated that CVE-2024-7593 and CVE-2024-7569 have not been exploited so far, but they acknowledge that a proof of concept (PoC) is publicly available for CVE-2024-7593. Threat actors may target CVE-2024-7593 in the near term due to the publicly accessible PoC and ease of exploitation for vTM instances that are exposed to a threat actor.
Recommendations For CVE-2024-7593 & CVE-2024-7569
Upgrade to Latest Fixed Version
Arctic Wolf strongly recommends that customers upgrade to the latest fixed version if available. Ivanti has stated patches for remaining supported versions will be released in the coming weeks.
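Product | Vulnerability | Affected Version | Fixed Version | Patch Availability |
Ivanti Virtual Traffic Manager (vTM) | CVE-2024-7593 | 22.2 | 22.2R1 | Available |
Ivanti Virtual Traffic Manager (vTM) | CVE-2024-7593 | 22.3 | 22.3R3 | Week of August 19th |
Ivanti Virtual Traffic Manager (vTM) | CVE-2024-7593 | 22.3R2 | 22.3R3 | Week of August 19th |
Ivanti Virtual Traffic Manager (vTM) | CVE-2024-7593 | 22.5R1 | 22.5R2 | Week of August 19th |
Ivanti Virtual Traffic Manager (vTM) | CVE-2024-7593 | 22.6R1 | 22.6R2 | Week of August 19th |
Ivanti Virtual Traffic Manager (vTM) | CVE-2024-7593 | 22.7R1 | 22.7R2 | Available |
Ivanti Neurons for ITSM (On-Premises) | CVE-2024-7569 | 2023.4 | 2023.4 w/ patch | 2023.4 Patch mirrors: [USA/EU/ASIA] |
Ivanti Neurons for ITSM (On-Premises) | CVE-2024-7569 | 2023.3 | 2023.3 w/ patch | 2023.3 Patch mirrors: [USA/EU/ASIA] |
Ivanti Neurons for ITSM (On-Premises) | CVE-2024-7569 | 2023.2 | 2023.2 w/ patch | 2023.2 Patch mirrors: [USA/EU/ASIA] |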
- Note: The patch has been applied to all Ivanti Neurons for ITSM Cloud instances as of August 4th. No further action is required for cloud customers.
Please follow your organisation’s patching and testing guidelines to avoid any operational impact.
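The triage sketch below is an added example, not Arctic Wolf's or Ivanti's code: it combines the vTM rows of the table with the management-interface mitigation to order an inventory for patching. The host names, the inventory tuple layout, the unlisted 22.4 branch and the sample addresses are constructed, and it assumes that every release below the fixed one on a listed branch needs the upgrade.

```python
import ipaddress
import re

# Fixed vTM release number per branch, copied from the advisory table.
FIXED_RELEASE = {"22.2": 1, "22.3": 3, "22.5": 2, "22.6": 2, "22.7": 2}
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (  # RFC 1918, loopback, IPv6 ULA
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "fc00::/7", "::1/128")]
RANK = {"urgent": 0, "upgrade": 1, "unlisted-branch": 2, "fixed": 3}

def parse_version(text):
    """Split '22.3R2' into ('22.3', 2); a bare '22.2' counts as release 0."""
    m = re.fullmatch(r"(\d+\.\d+)(?:R(\d+))?", text.strip(), re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised vTM version: {text!r}")
    return m.group(1), int(m.group(2) or 0)

def needs_upgrade(version):
    """True/False for branches in the table, None for unlisted branches."""
    branch, release = parse_version(version)
    if branch not in FIXED_RELEASE:
        return None
    # Assumption: every release below the fixed one on a listed branch is affected.
    return release < FIXED_RELEASE[branch]

def mgmt_is_internal(address):
    """False for public addresses and for 0.0.0.0/:: (listening on every interface)."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in INTERNAL_NETS)

def triage(inventory):
    """Return (host, priority) pairs, most urgent first."""
    results = []
    for host, version, mgmt_addr in inventory:
        vulnerable = needs_upgrade(version)
        if vulnerable is None:
            priority = "unlisted-branch"   # not in the table: check the vendor advisory
        elif not vulnerable:
            priority = "fixed"
        elif mgmt_is_internal(mgmt_addr):
            priority = "upgrade"           # affected, admin panel on an internal address
        else:
            priority = "urgent"            # affected and admin panel reachable externally
        results.append((host, priority))
    return sorted(results, key=lambda r: RANK[r[1]])

# Constructed inventory: (host, vTM version, management interface address).
SAMPLE = [("vtm-c", "22.2R1", "0.0.0.0"), ("vtm-b", "22.3R2", "10.20.0.5"),
          ("vtm-d", "22.4R1", "192.168.1.9"), ("vtm-a", "22.7R1", "203.0.113.10")]
```

Calling triage(SAMPLE) lists vtm-a first, because it runs an affected release with its management interface on a non-internal address.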