CVE-2024-7593: 
Ivanti Virtual Traffic Manager vulnerability analysis and mitigation

CVE-2024-7593 is a critical authentication bypass vulnerability affecting Ivanti Virtual Traffic Manager (vTM). The vulnerability was discovered in August 2024 and affects multiple versions of vTM including 22.7R1, 22.6R1, 22.5R1, 22.3R2, 22.3, and 22.2. The vulnerability stems from an incorrect implementation of an authentication algorithm that allows remote unauthenticated attackers to bypass authentication of the admin panel (NVD, Arctic Wolf).

The vulnerability has been assigned a CVSS v3.1 base score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. It is categorized under CWE-287 (Improper Authentication) and CWE-303 (Incorrect Implementation of Authentication Algorithm). The vulnerability allows attackers to exploit an access control issue in the vTM web interface, potentially enabling the addition of new administrative users (NVD, Rapid7).

The vulnerability poses a significant security risk as it allows unauthorized access to the admin panel, potentially giving attackers complete control over the traffic management system. The critical CVSS score of 9.8 indicates the potential for high impact on confidentiality, integrity, and availability of the affected systems (NVD).

Ivanti has released patches for versions 22.2R1 and 22.7R2, with additional patches for other affected versions scheduled for release. As a temporary mitigation, Ivanti recommends pointing the management interface to a private IP address or an internal network to reduce the attack surface. Organizations are strongly advised to upgrade to the latest fixed versions as soon as possible (Arctic Wolf).