Analysis Summary

On August 12, 2024, Ivanti disclosed a critical authentication bypass vulnerability in its Virtual Traffic Manager (vTM), CVE-2024-7593. This vulnerability stems from a flaw in the authentication algorithm of vTM, allowing remote, unauthenticated attackers to bypass the admin panel in vulnerable instances.

Ivanti suggested that the attack surface for this vulnerability can be minimized by configuring the management interface to use a private IP address or an internal network, thereby reducing exposure to potential threats. According to the researchers, Ivanti also addressed a critical vulnerability in the on-premises versions of Ivanti Neurons for ITSM, identified as CVE-2024-7569.

This information disclosure flaw could allow unauthenticated attackers to obtain the Open ID Connect (OIDC) client secret via debug information. While both vulnerabilities have not been exploited in the wild, the availability of a proof of concept (PoC) for CVE-2024-7593 increases the risk of imminent exploitation, especially for vTM instances exposed to the internet.

To mitigate these risks, Ivanti strongly recommends that customers upgrade to the latest fixed versions of the affected software. Ivanti has assured that patches for the remaining supported versions will be released in the coming weeks, and customers are urged to implement these updates promptly to protect their systems from potential attacks.

Impact

• Information Disclosure
• Security Bypass

Indicators of Compromise

CVE

• CVE-2024-7593
• CVE-2024-7569

Affected Vendors

Remediation

• Refer to the Ivanti Website for patch, upgrade, or suggested workaround information.
• Organizations must test their assets for the vulnerability mentioned above and apply the available security patch or mitigation steps as soon as possible.
• Implement multi-factor authentication to add an extra layer of security to login processes.
• Regularly monitor network activity for any unusual behavior, as this may indicate that a cyberattack is underway.
• Organizations must stay vigilant and follow best practices for cybersecurity to protect their systems and data from potential threats. This includes regularly updating software and implementing strong access controls and monitoring tools.
• Develop a comprehensive incident response plan to respond effectively in case of a security breach or data leakage.
• Maintain regular backups of critical data and systems to ensure data recovery in case of a security incident.
• Adhere to security best practices, including the principle of least privilege, and ensure that users and applications have only the necessary permissions.
• Establish a robust patch management process to ensure that security patches are evaluated, tested, and applied promptly.
• Conduct security audits and assessments to evaluate the overall security posture of your systems and networks.
• Implement network segmentation to contain and isolate potential threats to limit their impact on critical systems.