Attack on vulnerability in Ivanti Virtual Traffic Manager observed

An abuse attempt was observed for the critical vulnerability in Ivanti's Virtual Traffic Manager (vTM). All patches are now available.


Last week, a critical vulnerability in Ivanti's Virtual Traffic Manager (vTM) became known. Now IT researchers have discovered an exploit attempt based on a publicly available proof-of-concept exploit. Admins should update the software quickly - updates are now available for all supported versions.

The Shadowserver Foundation has announced on X, formerly Twitter, that it has found very few Ivanti vTM devices openly accessible on the Internet. However, on Saturday last weekend, the group observed an attempt to abuse the vulnerability based on a publicly available proof-of-concept exploit.

Ivanti has also updated the warning message on the critical vulnerability CVE-2024-7593 (CVSS 9.8, risk "critical") in Virtual Traffic Manager. The vulnerability allows attackers to bypass authentication and create administrative users, and thus take over vulnerable devices. Patches for all supported versions have been available since Monday of this week.

The vulnerabilities are patched in Ivanti Virtual Traffic Manager versions 22.2R1, 22.3R3, 22.5R2, 22.6R2 and 22.7R2. The new versions available since Monday are 22.3R3, 22.5R2 and 22.6R2. IT managers should install the updated software as soon as possible.

In the updated announcement, Ivanti continues to state that it is not aware of any active abuse of the vulnerability. However, the manufacturer does provide information on how admins can detect possible compromises. In the event of a compromise, the "Audit Logs Output" contains, for example, entries showing that users have been added to the Admin group, but without entries for USER, GROUP, AUTH or IP.
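One way to search an exported audit log for the indicator described above, as an added example that is not from the article or from Ivanti. It assumes whitespace-separated KEY=value audit lines; the OPERATION, MODUSER and MODGROUP field names and the sample lines are assumptions constructed for illustration and must be adjusted to the actual log output.

```python
import re

# Actor fields the article says are absent from the suspicious entries.
ACTOR_FIELDS = ("USER", "GROUP", "AUTH", "IP")
# KEY=value tokens separated by whitespace (assumed line layout).
KV = re.compile(r"(?<!\S)([A-Z]+)=(\S+)")

# Constructed sample lines for this example; not real vTM output.
SAMPLE_LOG = """\
[01/Jan/2024:10:02:11 +0000] USER=admin GROUP=admin AUTH=local IP=192.0.2.10 OPERATION=adduser MODUSER=alice MODGROUP=admin
[01/Jan/2024:23:41:05 +0000] OPERATION=adduser MODUSER=svc-backup MODGROUP=admin
[02/Jan/2024:08:15:40 +0000] USER=admin GROUP=admin AUTH=local IP=192.0.2.10 OPERATION=login
[02/Jan/2024:09:00:00 +0000] OPERATION=adduser MODUSER=guest1 MODGROUP=Guest
"""

def parse_line(line):
    """Return the KEY=value pairs of one audit line as a dict."""
    return dict(KV.findall(line))

def is_suspicious(fields, admin_group="admin"):
    """True if a user was added to the admin group with no actor context."""
    if fields.get("OPERATION") != "adduser":            # assumed field/value
        return False
    if fields.get("MODGROUP", "").lower() != admin_group:  # assumed field
        return False
    # The indicator: none of USER, GROUP, AUTH or IP is recorded.
    return not any(name in fields for name in ACTOR_FIELDS)

def find_suspicious(log_text):
    """Return (line number, added user) for every suspicious entry."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        fields = parse_line(line)
        if is_suspicious(fields):
            hits.append((lineno, fields.get("MODUSER", "?")))
    return hits

if __name__ == "__main__":
    for lineno, user in find_suspicious(SAMPLE_LOG):
        print(f"line {lineno}: {user!r} added to admin group "
              "without USER/GROUP/AUTH/IP")
```

A hit is a reason to review the account and the device, not proof of compromise on its own; a legitimate entry in this layout carries all four actor fields.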

Last week, Ivanti warned of a number of security vulnerabilities in several products. Ivanti Avalanche, Neurons for ITSM and Virtual Traffic Manager (vTM) were affected. Among other things, the vulnerabilities allowed attackers to completely compromise systems.

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.