Read more: informationsecuritybuzz.com
The Ivanti Virtual Traffic Manager (vTM), a software-based Application Delivery Controller (ADC), has been found to be vulnerable to a critical authentication bypass flaw, CVE-2024-7593. This vulnerability has been actively exploited by malicious actors and has been added to CISA’s Known Exploited Vulnerabilities (KEV) Catalog, making it an urgent priority for organizations to patch. The vulnerability allows attackers to bypass authentication on publicly exposed vTM admin panels and potentially create unauthorized administrator accounts. This could grant attackers full control over the vTM system, leading to data breaches, system compromises, and disruption of services.