Ivanti, a company providing IT management solutions, recently released updates for its Virtual Traffic Manager (vTM) to address a critical vulnerability.
The vulnerability, CVE-2024-7593, allowed remote unauthenticated attackers to bypass the admin panel’s authentication.
Ivanti’s swift response in releasing patches and advising customers to upgrade to the latest versions highlights the industry’s proactive stance in addressing potential security threats.
CVE-2024-7593 – Vulnerability Details
| CVE Number | Description | CVSS Score (Severity) | CVSS Vector | CWE |
|---|---|---|---|---|
| CVE-2024-7593 | Incorrect implementation of an authentication algorithm in Ivanti vTM | 9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | CWE-287, CWE-303 |

| Product Name | Affected Version(s) | Resolved Version(s) | Patch Availability |
|---|---|---|---|
| Ivanti Virtual Traffic Manager | 22.2 | 22.2R1 | Available |
| Ivanti Virtual Traffic Manager | 22.3 | 22.3R3 | Available |
| Ivanti Virtual Traffic Manager | 22.3R2 | 22.3R3 | Available |
| Ivanti Virtual Traffic Manager | 22.5R1 | 22.5R2 | Available |
| Ivanti Virtual Traffic Manager | 22.6R1 | 22.6R2 | Available |
| Ivanti Virtual Traffic Manager | 22.7R1 | 22.7R2 | Available |
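
For patch triage, the sketch below (an added example, not Ivanti tooling) checks an inventory of reported vTM versions against the resolved versions in the table. The host names and sample inventory are constructed, and it assumes the number after "R" orders releases within a branch, with a bare version such as 22.3 counting as release 0.

```python
import re

# Fixed release number per branch, copied from the resolved-version table above.
RESOLVED = {"22.2": 1, "22.3": 3, "22.5": 2, "22.6": 2, "22.7": 2}

_VERSION = re.compile(r"^\s*(\d+\.\d+)(?:R(\d+))?\s*$", re.IGNORECASE)


def parse_version(text):
    """Split '22.3R2' into ('22.3', 2); a bare '22.3' is treated as release 0."""
    match = _VERSION.match(text)
    if not match:
        raise ValueError(f"unrecognised vTM version: {text!r}")
    return match.group(1), int(match.group(2) or 0)


def triage(version):
    """Return (status, fixed_version) for one reported vTM version string."""
    try:
        branch, release = parse_version(version)
    except ValueError:
        return "unparsed", None            # needs a manual look
    fixed = RESOLVED.get(branch)
    if fixed is None:
        return "branch-not-listed", None   # the table says nothing about it
    target = f"{branch}R{fixed}"
    # Assumption: every release below the fixed one on a listed branch is
    # unpatched, including releases the table does not name explicitly.
    return ("patched" if release >= fixed else "upgrade"), target


def triage_inventory(inventory):
    """Map each host to its (status, fixed_version) pair."""
    return {host: triage(version) for host, version in inventory.items()}


# Constructed sample inventory; host names are hypothetical.
SAMPLE_INVENTORY = {
    "vtm-edge-01": "22.3R2",
    "vtm-edge-02": "22.7R2",
    "vtm-lab-01": "22.2",
    "vtm-lab-02": "22.4R1",
}

if __name__ == "__main__":
    for host, (status, target) in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}" + (f" (fixed in {target})" if target else ""))
```

Hosts reported as `branch-not-listed` or `unparsed` are not covered by the table and should be checked against the vendor advisory directly.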
The Ivanti breach and subsequent settlement highlight the critical importance of cybersecurity in today’s digital landscape.
As companies continue to handle vast amounts of sensitive data, ensuring robust security measures is not just a legal obligation but a fundamental responsibility.
The tech industry must remain vigilant, continuously updating and strengthening its defenses against potential threats to safeguard user privacy and trust.