Ivanti closes admin gap in Virtual Traffic Manager, among other things
Critical security vulnerabilities threaten Ivanti products. No attacks are known yet. Not all updates are available yet.
Attackers can target several vulnerabilities in Ivanti Avalanche, Neurons for ITSM or Virtual Traffic Manager (vTM) and, in the worst case, compromise systems completely. Ivanti says it currently has no information about ongoing attacks.
Admin gap
According to a security advisory, remote attackers who successfully exploit a "critical" vulnerability (CVE-2024-7593) in vTM can create users with admin rights without authentication. According to the developers, attacks are possible because an authentication algorithm has been implemented incorrectly.
So far, only the patched vTM versions 22.2R1 and 22.7R7 have been released. Further security updates are to be released in the coming week. To reduce the attack surface for this and similar attacks, admins should generally restrict access to management interfaces.
Further dangers
A "critical" vulnerability (CVE-2024-7569) affects Neurons for ITSM if OIDC authentication is used, the developers write in a post. If this is the case, an attacker can view the OIDC client secret without logging in. A second vulnerability (CVE-2024-7570, "high") allows a remote attacker to access connections as a man-in-the-middle. The releases 2023.2 w/ patch, 2023.3 w/ patch and 2023.4 w/ patch provide a remedy here.
Avalanche is threatened by five security vulnerabilities, which Ivanti lists in a security advisory. In the worst case, attackers can carry out DoS attacks (CVE-2024-38652, "high") or read files on servers (CVE-2024-38653, "high"), among other things. The developers state that they have solved the security problems in version 6.4.4.
(des)