The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a serious security flaw affecting Ivanti Virtual Traffic Manager (vTM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerability in question is CVE-2024-7593 (CVSS score: 9.8), which could be exploited by a remote unauthenticated attacker to bypass the authentication of the admin panel and create rogue administrative users.
"Ivanti Virtual Traffic Manager contains an authentication bypass vulnerability that allows a remote, unauthenticated attacker to create a chosen administrator account," CISA warned.
Ivanti addressed the issue in vTM versions 22.2R1, 22.3R3, 22.5R2, 22.6R2, and 22.7R2 in August 2024.
The agency did not disclose how the flaw is being weaponized in real-world attacks or who may be behind them, although Ivanti has previously noted that a proof-of-concept (PoC) is publicly available.
In light of the latest development, Federal Civilian Executive Branch (FCEB) agencies are expected to remediate the identified flaw by October 15, 2024, to secure their networks.
In recent months, several flaws affecting Ivanti devices have come under active exploitation in the wild, including CVE-2024-8190 and CVE-2024-8963.
The software services company confirmed that it is aware of a "limited number of customers" who have been targeted by both vulnerabilities.
Data released by Censys shows that there were 2,017 exposed Ivanti Cloud Service Appliance (CSA) instances online as of September 23, 2024, the majority of which are located in the U.S. It is currently not known how many of these are actually vulnerable.