Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.
History

Tue, 24 Sep 2024 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

kev

{'dateAdded': '2024-09-24'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 06 Sep 2024 22:30:00 +0000

Type Values Removed Values Added
First Time appeared Ivanti virtual Traffic Management
CPEs cpe:2.3:a:ivanti:virtual_traffic_management:22.2:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:virtual_traffic_management:22.3:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:virtual_traffic_management:22.3:r2:*:*:*:*:*:*
cpe:2.3:a:ivanti:virtual_traffic_management:22.5:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:virtual_traffic_management:22.6:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:virtual_traffic_management:22.7:r1:*:*:*:*:*:*
Vendors & Products Ivanti virtual Traffic Management

Thu, 15 Aug 2024 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Ivanti
Ivanti virtual Traffic Manager
CPEs cpe:2.3:a:ivanti:virtual_traffic_manager:*:*:*:*:*:*:*:*
Vendors & Products Ivanti
Ivanti virtual Traffic Manager
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 13 Aug 2024 18:30:00 +0000

Type Values Removed Values Added
Description Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.
Weaknesses CWE-287
CWE-303
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: ivanti

Published: 2024-08-13T18:17:47.248Z

Updated: 2024-09-24T19:45:51.448Z

Reserved: 2024-08-07T17:08:33.645Z

Link: CVE-2024-7593

cve-icon Vulnrichment

Updated: 2024-08-15T15:13:33.860Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-13T19:15:16.940

Modified: 2024-09-25T01:00:03.110

Link: CVE-2024-7593

cve-icon Redhat

No data.