Ivanti - Authentication Bypass (CVE-2024-7593)
0Exploiting IPs reported
Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.
CrowdSec analysis
CVE-2024-7593 is a critical vulnerability in Ivanti vTM that allows remote attackers to bypass authentication controls and access the admin panel without valid credentials due to flaws in the authentication algorithm.
CrowdSec has been tracking this vulnerability and its exploits since 20th of November 2024.
CrowdSec network data shows that most actors exploiting CVE-2024-7593 rely on broad, untargeted scans with minimal filtering. The activity is largely automated and opportunistic in nature. CrowdSec data also reveals a clear uptick in attacks involving CVE-2024-7593 over the past week. Activity is above the usual baseline, suggesting growing attention from attackers. This may reflect rising awareness, recent exploit releases, or expanded targeting efforts.
Attack patterns are expected to focus on endpoints related to the administration interface.
Exploitation
Get real-time information about exploitation attempts and actors involved.
Common Weakness Enumeration (CWE)
Protection
Find out relevant information to protect your stack against this CVE.
Blocklist
With our advanced worldwide network detection, CrowdSec can provide a list of IPs known for exploiting the vulnerability.
To increase your protection against this CVE, block exploitation attempts with this list of identified actors.