Ivanti Virtual Traffic Manager Flaw Let Hackers Create Rogue Admin Accounts
- Source: Vulnerability (cybersecuritynews.com)
Author: Eswar

A critical authentication bypass vulnerability has been discovered in Ivanti Virtual Traffic Manager (vTM). It has been assigned CVE-2024-7593, with a severity of 9.8 (Critical).
Ivanti has patched this vulnerability and released a security advisory to address it.
Ivanti confirmed that there is no evidence of active exploitation of this vulnerability, but a proof of concept for it is publicly available.
Ivanti Virtual Traffic Manager Vulnerability
This vulnerability allows an unauthenticated remote threat actor to bypass the admin panel authentication and perform malicious actions.
Further, a threat actor can also create an administrator account on the vulnerable Ivanti instances as a backdoor.
The vulnerability exists due to an incorrect implementation of the authentication algorithm in Ivanti vTM. It affects all versions of Ivanti vTM other than versions 22.2R1 or 22.7R2.
Ivanti customers whose management interface sits on an internal network or private IP have a reduced attack surface.
Ivanti also advises its users to restrict access to the management interface and ensure it is placed on a private IP with restricted access.
Additionally, Ivanti users are advised to upgrade their Ivanti instances to the latest available patch, 22.2R1 (released 26 March 2024) or 22.7R2 (released 20 May 2024), to fix this vulnerability.
| Product Name | Affected Version(s) | Resolved Version(s) | Patch Availability |
|---|---|---|---|
| Ivanti Virtual Traffic Manager | 22.2 | 22.2R1 | Available |
| Ivanti Virtual Traffic Manager | 22.3 | 22.3R3 | Week of August 19th |
| Ivanti Virtual Traffic Manager | 22.3R2 | 22.3R3 | Week of August 19th |
| Ivanti Virtual Traffic Manager | 22.5R1 | 22.5R2 | Week of August 19th |
| Ivanti Virtual Traffic Manager | 22.6R1 | 22.6R2 | Week of August 19th |
| Ivanti Virtual Traffic Manager | 22.7R1 | 22.7R2 | Available |

Affected versions (Source: Ivanti)
Workaround
As a workaround for this vulnerability, Ivanti instructs its users to follow the steps below to limit admin access to the management interface to the internal private or corporate network. The steps are as follows:
- On the vTM server, go to System > Security, then click the drop-down for the Management IP Address and Admin Server Port section.
- Click “bindip” and select the Management Interface IP Address.
- As an alternative, users can also use the setting directly above the “bindip” setting to restrict access to trusted IP addresses, further restricting who can access the interface.

To check whether an instance has been compromised, users can review the “Audit Logs Output” to see if an admin user has been added.
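The audit-log review described above, as an added example that is not from Ivanti or the original article: it lists every account added to the admin group and notes when the acting user or source address is unexpected. The key=value log layout, the field names, the management subnet and the account names are assumptions, and the sample lines are constructed.

```python
import ipaddress
import re

# Constructed sample. The key=value layout and the field names (user, ip, op,
# moduser, modgroup) are assumptions; map them to your real audit log export.
SAMPLE_LOG = """\
[12/Aug/2024:09:14:02 +0000] user=admin ip=10.20.0.5 op=login
[12/Aug/2024:09:15:40 +0000] user=admin ip=10.20.0.5 op=adduser moduser=jsmith modgroup=Monitoring
[12/Aug/2024:09:20:11 +0000] user=admin ip=10.20.0.5 op=adduser moduser=ops2 modgroup=admin
[13/Aug/2024:02:41:17 +0000] user=- ip=203.0.113.77 op=adduser moduser=svc-backup modgroup=admin
"""
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]  # assumed management subnet
KNOWN_ADMINS = {"admin"}  # accounts expected to create users (assumed)
LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\]\s+(?P<fields>.+)$")

def parse_line(line):
    """Return a dict of fields plus 'ts', or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = dict(re.findall(r"(\w+)=(\S+)", m.group("fields")))
    entry["ts"] = m.group("ts")
    return entry

def is_trusted(ip_text, nets=TRUSTED_NETS):
    """True only if ip_text parses and falls inside a trusted network."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in nets)

def admin_additions(log_text):
    """List every account added to the admin group, with reasons it looks suspect."""
    findings = []
    for entry in filter(None, map(parse_line, log_text.splitlines())):
        if entry.get("op") != "adduser" or entry.get("modgroup", "").lower() != "admin":
            continue
        reasons = []
        if entry.get("user") not in KNOWN_ADMINS:
            reasons.append("actor is not a known administrator")
        if not is_trusted(entry.get("ip", "")):
            reasons.append("source address outside management networks")
        findings.append({"ts": entry["ts"], "account": entry.get("moduser"), "reasons": reasons})
    return findings

if __name__ == "__main__":
    print(*admin_additions(SAMPLE_LOG), sep="\n")
```

An entry with an empty reasons list still represents a new administrator and should be matched against a change record.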
Users are advised to keep all instances updated to the latest version to prevent exploitation of this vulnerability. Ivanti also publishes an End of Engineering and End of Support schedule for Ivanti vTM.
“We are not aware of any customers being exploited by these vulnerabilities prior to public disclosure. These vulnerabilities were disclosed through our responsible disclosure program,” Ivanti added.