- 225/2024
- Critical
Ivanti has released security updates to fix several vulnerabilities across multiple Ivanti products.
The addressed vulnerabilities could allow the remote attacker to perform denial of service attacks, obtain sensitive information, bypass security restrictions, or execute arbitrary code and gain access to the affected system.
Sample of the addressed vulnerabilities:
1. Ivanti Virtual Traffic Manager (vTM ) Security Bypass (CVE-2024-7593):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Bypass Security
2. Ivanti Neurons for ITSM Information Disclosure (CVE-2024-7569):
- CVSS: 9.6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Obtain Information
Affected Products:
- Ivanti Avalanche.
- Ivanti Neurons for ITSM.
- Ivanti Virtual Traffic Manager (vTM).
Vulnerabilities
- CVE-2024-7569
- CVE-2024-7570
- CVE-2024-7593
- CVE-2024-38652
- CVE-2024-36136
- CVE-2024-37399
- CVE-2024-37373
- CVE-2024-38653
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.