Ethical Hacking News
A critical Ivanti vTM application delivery controller vulnerability is currently being actively exploited by threat actors, allowing remote unauthenticated attackers to bypass authentication on Internet-exposed vTM admin panels. This vulnerability could potentially lead to the creation of rogue administrator users, posing significant risks to organizations relying on this application delivery controller to manage their network traffic and applications.
The Ivanti Virtual Traffic Manager (vTM) application delivery controller has a critical security vulnerability (CVE-2024-7593) that allows remote unauthenticated attackers to bypass authentication on Internet-exposed admin panels. Ivanti attributes the flaw to an incorrect implementation of an authentication algorithm in the vTM software. Threat actors have already begun exploiting it, and public proof-of-concept exploit code was already available on August 13, when Ivanti released patches. The impact is significant, as a successful bypass lets attackers create new administrator accounts with full privileges over the appliance. Ivanti recommends restricting access to the vTM management interface and monitoring audit logs to reduce the risk. CISA has added the flaw to its Known Exploited Vulnerabilities catalog, requiring federal agencies to secure vulnerable appliances within three weeks.
Critical Ivanti vTM auth bypass bug now exploited in attacks
By Sergiu Gatlan
September 24, 2024
01:03 PM
A critical security vulnerability in the Ivanti Virtual Traffic Manager (vTM) application delivery controller has been identified and is currently being actively exploited by threat actors. The vulnerability, tracked as CVE-2024-7593, allows remote unauthenticated attackers to bypass authentication on Internet-exposed vTM admin panels, potentially leading to the creation of rogue administrator users.
The Ivanti vTM is a software-based application delivery controller that provides load balancing and traffic management for hosting business-critical services. Ivanti attributes the vulnerability to an incorrect implementation of an authentication algorithm in the vTM software. The error lets an attacker who can reach the admin panel skip the login step entirely and then act as an administrator, including creating new administrator accounts.
According to Ivanti, proof-of-concept (PoC) exploit code for this vulnerability was already publicly available on August 13, when the company released patches to address the issue. Ivanti has yet to update its security advisory to confirm active exploitation, but threat actors are already using the exploit to gain unauthorized access to vTM systems.
The impact is significant: an attacker who bypasses authentication on the admin panel can create new administrator accounts with elevated privileges, and those accounts remain usable until an administrator notices and removes them. This could result in data breaches, unauthorized changes to system configurations, and disruption of the business-critical services the appliance fronts.
Beyond applying the patches released in August, Ivanti recommends two precautions to reduce the risk: restrict access to the vTM management interface by binding it to an internal network or private IP address so that it is not reachable from the Internet, and monitor audit logs for administrator accounts created through the GUI, whether by hand or by the publicly available exploit code.
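As an added example (not code from this article, from BleepingComputer or from Ivanti), the following Python script implements the two checks Ivanti recommends: it tests whether a management-interface bind address is internal (loopback or RFC 1918, with the catch-all 0.0.0.0 treated as exposed), and it scans audit-log lines for administrator accounts that are not in a known baseline or that were created from outside the management network. The audit-log line format, the field names and the log lines themselves are constructed for this example; the real vTM audit log format is not shown on this page, so adjust the regular expression to match it.

```python
import ipaddress
import re
from datetime import datetime

# Constructed sample audit-log lines (NOT real vTM output). The key=value
# layout is an assumption made for this example; adapt LINE_RE to the real format.
SAMPLE_AUDIT_LOG = """\
2024-09-20 09:12:01 UI user=admin action=login src=10.20.0.5 result=success
2024-09-22 02:47:13 UI user=admin action=user_add target=svc_backup group=admin src=198.51.100.23 result=success
2024-09-23 11:05:44 UI user=admin action=config_change src=10.20.0.5 result=success
2024-09-23 23:58:02 UI user=admin action=user_add target=helper01 group=admin src=203.0.113.9 result=success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) \S+ user=(?P<user>\S+) action=(?P<action>\S+)"
    r"(?: target=(?P<target>\S+))?(?: group=(?P<group>\S+))? src=(?P<src>\S+)"
)

# Address ranges considered "internal" for the bind-address check.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_audit_log(text):
    """Turn audit-log lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%d %H:%M:%S")
        events.append(e)
    return events


def new_admin_accounts(events, known_admins, since=None):
    """Return user_add events that created an admin account not in the baseline."""
    hits = []
    for e in events:
        if e["action"] != "user_add" or e["group"] != "admin":
            continue
        if e["target"] in known_admins:
            continue
        if since is not None and e["ts"] < since:
            continue
        hits.append(e)
    return hits


def events_from_outside(events, mgmt_networks):
    """Return events whose source address is not inside any management network."""
    nets = [ipaddress.ip_network(n) for n in mgmt_networks]
    return [e for e in events
            if not any(ipaddress.ip_address(e["src"]) in n for n in nets)]


def mgmt_bind_is_internal(bind_addr):
    """True if the admin UI bind address is loopback or RFC 1918.

    0.0.0.0 (or ::) binds every interface, public ones included, so it is
    reported as exposed even though Python's is_private would accept it.
    """
    ip = ipaddress.ip_address(bind_addr)
    if ip.is_unspecified:
        return False
    return ip.is_loopback or any(ip in n for n in RFC1918)


if __name__ == "__main__":
    evs = parse_audit_log(SAMPLE_AUDIT_LOG)
    for e in new_admin_accounts(evs, known_admins={"admin"}):
        print(f"ALERT new admin account {e['target']} created at {e['ts']} from {e['src']}")
    for e in events_from_outside(evs, ["10.20.0.0/16"]):
        print(f"WARN admin-UI activity from outside mgmt network: {e['src']} {e['action']}")
    for addr in ("0.0.0.0", "10.20.0.10", "203.0.113.5"):
        print(addr, "internal" if mgmt_bind_is_internal(addr) else "EXPOSED")
```

Run it against an exported audit log after adjusting the regular expression; the baseline of known administrators should come from your change records, not from the appliance itself, since an attacker who has already created an account would otherwise be baselined in.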
Furthermore, CISA has added the Ivanti vTM authentication bypass flaw to its Known Exploited Vulnerabilities catalog, tagging it as actively exploited. As a result, federal agencies are now required to secure vulnerable appliances on their networks within three weeks by October 15. Private organizations worldwide are also advised to prioritize mitigating this security flaw to block ongoing attacks.
In recent months, several Ivanti flaws have been exploited as zero-days in widespread attacks targeting the company's VPN appliances and ICS, IPS, and ZTA gateways. Ivanti has taken steps to address these vulnerabilities by enhancing its internal scanning and testing capabilities. The company is also working on improving its responsible disclosure process to address potential security issues even faster.
Ivanti has over 7,000 partners globally, and its products are used by over 40,000 companies for system and IT asset management. The severity of this vulnerability highlights the importance of keeping software up-to-date and implementing robust security measures to protect against emerging threats.
The Ivanti vTM authentication bypass is therefore an immediate concern for organizations that use this application delivery controller to manage their network traffic and applications. With exploitation already under way, administrators should apply the patches, confirm that the management interface is not reachable from the Internet, and review audit logs for administrator accounts they did not create.
Related Information:
https://www.bleepingcomputer.com/news/security/critical-ivanti-vtm-auth-bypass-bug-now-exploited-in-attacks/
https://thehackernews.com/2024/09/cisa-flags-critical-ivanti-vtm.html
https://nvd.nist.gov/vuln/detail/CVE-2024-7593
https://www.cvedetails.com/cve/CVE-2024-7593/
Published: Wed Sep 25 23:48:06 2024 by llama3.2 3B Q4_K_M