CVE-2024-7593

CVE Database · CVE-2024-7593

CVE-2024-7593

· CRITICALUndergoing Analysis

CVSS v3.1

9.8

EPSS

99.99%

Published

Aug 13, 2024

Modified

May 14, 2026

CISA Known Exploited Vulnerability

Added: 2024-09-24 · Due: 2024-10-15

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Public PoC / Exploit (5)

All weaponized →

NucleiNuclei detection template TrickestTrickest PoC index GitHub PoCD3N14LD15K/CVE-2024-7593_PoC_Exploit★9 GitHub PoCrxerium/CVE-2024-7593★0 GitHub PoCintel365/CVE-2024-7593★0

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-287CWE-303CWE-287

Affected Products (6)

ivanti · virtual_traffic_managervulnerable

References (2)

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Virtual-Traffic-Manager-vTM-CVE-2024-7593

MitigationPatchVendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-7593

US Government Resource

KEV Catalog EPSS Scores Vendors All CVEs