CVE-2024-7593
In short
Ivanti vTM versions other than 22.2R1 or 22.7R2 have a flawed authentication system that allows attackers to access the admin panel without valid credentials. This is critical because it gives complete control of the system to unauthorized users.
Technical detail
The authentication algorithm in Ivanti vTM is incorrectly implemented (CWE-287), enabling a remote attacker with no prior authentication to bypass authentication controls (CWE-303). An unauthenticated threat actor can gain unauthorized access to the admin panel, resulting in full system compromise.
Summary generated and translated by AI from the official description.
Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Ivanti · vTM
Public PoCs found — 3
github.com/D3N14LD15K/CVE-2024-7593_PoC_Exploit (★ 9)
github.com/rxerium/CVE-2024-7593 (★ 0)
github.com/intel365/CVE-2024-7593 (★ 0)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.