CVE-2024-7593
Summary
| CVE | CVE-2024-7593 |
|---|---|
| State | PUBLISHED |
| Assigner | ivanti |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2024-08-13 19:15:16 UTC |
| Updated | 2026-05-14 19:36:21 UTC |
| Description | Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel. |
Risk And Classification
Primary CVSS: v3.1 9.8 CRITICAL from [email protected]
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.944360000 probability, percentile 0.999880000 (date 2026-06-01)
CISA KEV: Listed on 2024-09-24; due 2024-10-15; ransomware use Unknown
Problem Types: CWE-287 | CWE-303 | CWE-287 CWE-287 Improper Authentication | CWE-303 CWE-303 Incorrect Implementation of Authentication Algorithm
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Primary | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | Secondary | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | CNA | CVSS | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
NoneUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
HighAvailability
HighCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA Known Exploited Vulnerability
| Vendor | Ivanti |
|---|---|
| Product | Virtual Traffic Manager |
| Name | Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability |
| Required Action | Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. |
| Notes | https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Virtual-Traffic-Manager-vTM-CVE-2024-7593 ; https://nvd.nist.gov/vuln/detail/CVE-2024-7593 |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Ivanti | Virtual Traffic Manager | 22.2 | All | All | All |
| Application | Ivanti | Virtual Traffic Manager | 22.3 | - | All | All |
| Application | Ivanti | Virtual Traffic Manager | 22.3 | r2 | All | All |
| Application | Ivanti | Virtual Traffic Manager | 22.5 | r1 | All | All |
| Application | Ivanti | Virtual Traffic Manager | 22.6 | r1 | All | All |
| Application | Ivanti | Virtual Traffic Manager | 22.7 | r1 | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Ivanti | VTM | unaffected 22.7R2 custom | Not specified |
| CNA | Ivanti | VTM | unaffected 22.2R1 custom | Not specified |
| ADP | Ivanti | Virtual Traffic Manager | affected 22.7r1 22.7r2 custom | Not specified |
| ADP | Ivanti | Virtual Traffic Manager | affected 22.2 22.2r1 custom | Not specified |
| ADP | Ivanti | Virtual Traffic Manager | affected 22.3 22.3r3 custom | Not specified |
| ADP | Ivanti | Virtual Traffic Manager | affected 22.3r2 22.3r3 custom | Not specified |
| ADP | Ivanti | Virtual Traffic Manager | affected 22.6r1 22.6r2 custom | Not specified |
| ADP | Ivanti | Virtual Traffic Manager | affected 22.5r1 22.5r2 custom | Not specified |
| ADP | Ivanti | Virtual Traffic Manager | affected 22.7r1 22.7r2 custom | Not specified |
| ADP | Ivanti | Virtual Traffic Manager | affected 22.2 22.2r1 custom | Not specified |
| ADP | Ivanti | Virtual Traffic Manager | affected 22.3 22.3r3 custom | Not specified |
| ADP | Ivanti | Virtual Traffic Manager | affected 22.3r2 22.3r3 custom | Not specified |
| ADP | Ivanti | Virtual Traffic Manager | affected 22.6r1 22.6r2 custom | Not specified |
| ADP | Ivanti | Virtual Traffic Manager | affected 22.5r1 22.5r2 custom | Not specified |
| ADP | Ivanti | Virtual Traffic Manager | affected 22.7r1 22.7r2 custom | Not specified |
| ADP | Ivanti | Virtual Traffic Manager | affected 22.2 22.2r1 custom | Not specified |
| ADP | Ivanti | Virtual Traffic Manager | affected 22.3 22.3r3 custom | Not specified |
| ADP | Ivanti | Virtual Traffic Manager | affected 22.3r2 22.3r3 custom | Not specified |
| ADP | Ivanti | Virtual Traffic Manager | affected 22.6r1 22.6r2 custom | Not specified |
| ADP | Ivanti | Virtual Traffic Manager | affected 22.5r1 22.5r2 custom | Not specified |
| ADP | Ivanti | Virtual Traffic Manager | affected 22.7r1 22.7r2 custom | Not specified |
| ADP | Ivanti | Virtual Traffic Manager | affected 22.2 22.2r1 custom | Not specified |
| ADP | Ivanti | Virtual Traffic Manager | affected 22.3 22.3r3 custom | Not specified |
| ADP | Ivanti | Virtual Traffic Manager | affected 22.3r2 22.3r3 custom | Not specified |
| ADP | Ivanti | Virtual Traffic Manager | affected 22.6r1 22.6r2 custom | Not specified |
| ADP | Ivanti | Virtual Traffic Manager | affected 22.5r1 22.5r2 custom | Not specified |
| ADP | Ivanti | Virtual Traffic Manager | affected 22.7r1 22.7r2 custom | Not specified |
| ADP | Ivanti | Virtual Traffic Manager | affected 22.2 22.2r1 custom | Not specified |
| ADP | Ivanti | Virtual Traffic Manager | affected 22.3 22.3r3 custom | Not specified |
| ADP | Ivanti | Virtual Traffic Manager | affected 22.3r2 22.3r3 custom | Not specified |
| ADP | Ivanti | Virtual Traffic Manager | affected 22.6r1 22.6r2 custom | Not specified |
| ADP | Ivanti | Virtual Traffic Manager | affected 22.5r1 22.5r2 custom | Not specified |
| ADP | Ivanti | Virtual Traffic Manager | affected 22.7r1 22.7r2 custom | Not specified |
| ADP | Ivanti | Virtual Traffic Manager | affected 22.2 22.2r1 custom | Not specified |
| ADP | Ivanti | Virtual Traffic Manager | affected 22.3 22.3r3 custom | Not specified |
| ADP | Ivanti | Virtual Traffic Manager | affected 22.3r2 22.3r3 custom | Not specified |
| ADP | Ivanti | Virtual Traffic Manager | affected 22.6r1 22.6r2 custom | Not specified |
| ADP | Ivanti | Virtual Traffic Manager | affected 22.5r1 22.5r2 custom | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.cisa.gov/known-exploited-vulnerabilities-catalog | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | www.cisa.gov | US Government Resource |
| forums.ivanti.com/s/article/Security-Advisory-Ivanti-Virtual-Traffic-Manager-vT... | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | forums.ivanti.com | Mitigation, Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
| CISA Known Exploited Vulnerabilities catalog | CISA | www.cisa.gov | kev |
No vendor comments have been submitted for this CVE.
Additional Advisory Data
| Source | Time | Event |
|---|---|---|
| ADP | 2024-09-24T00:00:00.000Z | CVE-2024-7593 added to CISA KEV |
There are currently no legacy QID mappings associated with this CVE.