CISA Known Exploited Vulnerability (KEV)
Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability
September 24, 2024
October 15, 2024
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Description
Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.
Weakness Enumeration
| CWE-ID | CWE Name |
|---|---|
|
CWE-287 |
Improper Authentication |