CVE-2024-7593

Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ivanti:virtual_traffic_management:22.2:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:virtual_traffic_management:22.3:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:virtual_traffic_management:22.3:r2:*:*:*:*:*:*
cpe:2.3:a:ivanti:virtual_traffic_management:22.5:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:virtual_traffic_management:22.6:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:virtual_traffic_management:22.7:r1:*:*:*:*:*:*

History

06 Sep 2024, 22:13

Type Values Removed Values Added
Summary
  • (es) La implementación incorrecta de un algoritmo de autenticación en Ivanti vTM que no sea la versión 22.2R1 o 22.7R2 permite que un atacante remoto no autenticado omita la autenticación del panel de administración.
First Time Ivanti virtual Traffic Management
Ivanti
References () https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Virtual-Traffic-Manager-vTM-CVE-2024-7593 - () https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Virtual-Traffic-Manager-vTM-CVE-2024-7593 - Mitigation, Patch, Vendor Advisory
CPE cpe:2.3:a:ivanti:virtual_traffic_management:22.3:r2:*:*:*:*:*:*
cpe:2.3:a:ivanti:virtual_traffic_management:22.2:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:virtual_traffic_management:22.6:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:virtual_traffic_management:22.5:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:virtual_traffic_management:22.7:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:virtual_traffic_management:22.3:-:*:*:*:*:*:*

13 Aug 2024, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-13 19:15

Updated : 2024-09-25 01:00


NVD link : CVE-2024-7593

Mitre link : CVE-2024-7593

CVE.ORG link : CVE-2024-7593


JSON object : View

Products Affected

ivanti

  • virtual_traffic_management
CWE
CWE-287

Improper Authentication

CWE-303

Incorrect Implementation of Authentication Algorithm