CVE-2024-7593
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Ivanti | vTM | 22.7R2 | unaffected |
| Ivanti | vTM | 22.2R1 | unaffected |
Weaknesses
- CWE-287: CWE-287 Improper Authentication
- CWE-303: CWE-303 Incorrect Implementation of Authentication Algorithm
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: active
- Automatable: yes
- Technical Impact: total
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.