Critical Vulnerability in Ivanti Virtual Traffic Manager

Published on 15 Aug 2024

Ivanti has released updates addressing a critical vulnerability (CVE-2024-7593) in its Virtual Traffic Manager. The vulnerability has a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10, and a proof-of-concept exploit is publicly available.

Successful exploitation of the vulnerability may allow an attacker to bypass authentication and create an administrator user.

The vulnerability affects Ivanti Virtual Traffic Manager versions 22.2, 22.3, 22.3R2, 22.5R1, 22.6R1 and 22.7R1.

Users and administrators of product versions 22.2 and 22.7R1 are advised to update to the latest versions immediately. 

Users and administrators of other affected product versions are advised to monitor for software updates and apply the fixes immediately once available. In the meantime, they are encouraged to restrict admin access to the management interface to the internal network, so that it is reachable only via a private or corporate network.

More information is available here: