SecurityWeek

Third Recent Ivanti Vulnerability Exploited in the Wild

CVE-2024-7593 is the third Ivanti product vulnerability patched in recent months that has been exploited in the wild.

A vulnerability affecting Ivanti’s Virtual Traffic Manager application delivery controller is being exploited in the wild. This is the third flaw for which Ivanti customers have received such a warning within the past two weeks. 

The latest is CVE-2024-7593, a critical Virtual Traffic Manager (vTM) authentication bypass vulnerability that allows a remote, unauthenticated attacker to create an administrator account. 

Ivanti announced patches for CVE-2024-7593 on August 12. The company later updated its advisory to inform customers that, while it was not aware of in-the-wild exploitation, a proof-of-concept (PoC) exploit had been made available.

At the time of writing, SecurityWeek has not seen any public reports describing attacks involving CVE-2024-7593, but CISA on Tuesday added the vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog. 

Ivanti has made available not only fixes, but also recommendations for limiting exploitability, as well as indicators of compromise (IoCs). However, it has yet to update the advisory to mention malicious exploitation. 

Censys has reported seeing 97 internet-exposed Ivanti vTM instances and ZoomEye has seen 164 this year, a majority in the United States and Japan. 

CVE-2024-7593 was added to CISA’s KEV list shortly after CVE-2024-8963 and CVE-2024-8190, which impact Ivanti’s Cloud Services Appliance (CSA) and which have been chained for unauthenticated remote code execution. 

It’s not uncommon for threat actors to exploit Ivanti product vulnerabilities. CISA currently has 20 entries in its KEV list for Ivanti vulnerabilities, some of which have been exploited to deliver backdoors and others to hack high-profile organizations such as MITRE and CISA.


Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
