CVE-2024-7593: Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability

First published: Tue Aug 13 2024(Updated: )

Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.

Credit: 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 3c1d8aa1-5a33-4ea4-8992-aadd6440af75

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/bleeping-computer
• source/BleepingComputer
• alias/CVE-2024-7593
• alias/CVE-2024-7569
• alias/CVE-2024-22024
• alias/CVE-2023-46805
• alias/CVE-2024-21887
• alias/CVE-2024-21893
• agent/weakness
• agent/type
• agent/first-publish-date
• agent/severity
• agent/title
• agent/remedy
• agent/description
• exploited/true
• collector/cisa-known-exploited
• source/CISA
• agent/software-canonical-lookup
• agent/software-canonical-lookup-request
• agent/softwarecombine
• collector/nvd-api
• source/NVD
• agent/last-modified-date
• collector/mitre-cve
• source/MITRE
• collector/nvd-cve
• agent/author
• agent/references
• agent/event
• agent/tags
• collector/epss-latest
• source/FIRST
• agent/epss
• collector/the-register
• source/The Register
• alias/CVE-2024-8956
• alias/CVE-2024-8957
• vendor/ivanti
• canonical/ivanti virtual traffic manager
• canonical/ivanti virtual traffic management
• version/ivanti virtual traffic management/22.2
• version/ivanti virtual traffic management/22.3
• version/ivanti virtual traffic management/22.3-r2
• version/ivanti virtual traffic management/22.5-r1
• version/ivanti virtual traffic management/22.6-r1
• version/ivanti virtual traffic management/22.7-r1