Vulnerability Details CVE-2024-7593
Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.944
EPSS Ranking 100.0%
CVSS Severity
CVSS v3 Score 9.8
Proposed Action
Ivanti Virtual Traffic Manager contains an authentication bypass vulnerability that allows a remote, unauthenticated attacker to create a chosen administrator account.
Ransomware Campaign
Unknown
Products affected by CVE-2024-7593
-
cpe:2.3:a:ivanti:virtual_traffic_management:22.2
-
cpe:2.3:a:ivanti:virtual_traffic_management:22.3
-
cpe:2.3:a:ivanti:virtual_traffic_management:22.5
-
cpe:2.3:a:ivanti:virtual_traffic_management:22.6
-
cpe:2.3:a:ivanti:virtual_traffic_management:22.7