Ivanti vTM Auth bypass (CVE-2024-7593)
Description
Ivanti Virtual Traffic Manager (vTM) contains an authentication bypass vulnerability (CVE-2024-7593) that allows attackers to circumvent authentication controls using specially crafted URL paths. This critical flaw enables unauthorized access to the administrative interface without requiring valid credentials, affecting the security of the traffic management infrastructure.
Remediation
1. Immediately upgrade Ivanti Virtual Traffic Manager to the patched version as specified in the vendor security advisory (https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Virtual-Traffic-Manager-vTM-CVE-2024-7593).
2. If immediate patching is not possible, restrict network access to the vTM administrative interface using firewall rules or network segmentation to allow only trusted IP addresses.
3. Monitor vTM access logs for suspicious authentication attempts or unusual administrative activity, particularly requests with abnormal URL patterns.
4. After patching, review administrative accounts and recent configuration changes to ensure no unauthorized modifications were made.
5. Implement multi-factor authentication for administrative access if supported in the updated version.