Josef 'Corgi' Smidrkal

Here goes Ivanti again.
CVE-2024-7593 on Virtual Traffic Manager (vTM), allowing remote unauthenticated attackers to bypass authentication and create admin accounts.

CVSSv2: 10, CVSSv3: 9.8

https://www.tenable.com/cve/CVE-2024-7593
https://www.cert.europa.eu/publications/security-advisories/2024-078/

CVE-2024-7593

Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.

Aug 14, 2024 at 11:12amWeb