Skip to main content
Live Webinar with SANS (June 25)— Agentic CTI Automation for Fun & ProfitRegister Free
Mallory
Back to vulnerabilities
CriticalCISA KEVExploited in the wildPublic exploit

Authentication Bypass in Ivanti Virtual Traffic Manager (vTM) Admin Panel

IdentifiersCVE-2024-7593CWE-303· Incorrect Implementation of…

CVE-2024-7593 is a critical authentication bypass vulnerability in Ivanti Virtual Traffic Manager (vTM). According to the provided content, the flaw is caused by an incorrect implementation of an authentication algorithm and affects Ivanti vTM versions prior to 22.2R1 and 22.7R2. A remote unauthenticated attacker can exploit the issue to bypass authentication on the vTM administrative panel. The content further indicates that exploitation can be used to access the management interface and create unauthorized administrator accounts.

Share:
For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial
ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows an unauthenticated remote attacker to gain access to the Ivanti vTM admin panel without valid credentials and create rogue administrator accounts. This provides unauthorized administrative control over the affected device and, as noted in the supporting content, can potentially lead to full system compromise and follow-on malicious activity.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, restrict access to the vTM management/admin interface to trusted networks and administrators only, as indicated in the content. Apply the vendor-published workaround referenced in the advisory, monitor for suspicious administrative activity, and review audit logs for anomalous or unauthenticated adduser/admin-group events that may indicate exploitation.

Remediation

Patch, then assume compromise.

Upgrade Ivanti Virtual Traffic Manager to a fixed release, specifically 22.2R1, 22.7R2, or a later vendor-approved patched version, as referenced in the provided content. Follow Ivanti's official security advisory for product-specific verification steps and any additional recovery or compromise-assessment guidance. Investigate affected systems for unauthorized administrator account creation and other signs of compromise.
PUBLIC EXPLOITS

Exploits

1 valid exploit after Mallory filtered fakes, detection scripts, and README-only repos (1 hidden).

VALID 1 / 2 TOTALView more in app
CVE-2024-7593_PoC_ExploitMaturityPoCVerified exploit

This repository contains a Bash proof-of-concept exploit for CVE-2024-7593, an authentication bypass vulnerability in Ivanti vTM. The main file, CVE-2024-7593.sh, is a script that allows an attacker to create a new admin user on a vulnerable Ivanti vTM instance by sending a crafted HTTP POST request to the management interface at /apps/zxtm/wizard.fcgi. The script requires the attacker to specify the target host and port, and interactively prompts for the new admin username and password. If successful, it reports the credentials for the new admin user. The exploit leverages the network attack vector and targets the HTTPS management interface of Ivanti vTM. The repository also includes a README.md with usage instructions and background information. No hardcoded endpoints or credentials are present; the script is interactive and requires user input for the target and credentials.

D3N14LD15KDisclosed Sep 24, 2024bashnetwork
EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType
IvantiVirtual Traffic Managementapplication
IvantiVirtual Traffic Managerapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

8 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

8 SOURCESView more in app
splunk researchNews
Feb 25, 2026
Detection: Ivanti VTM New Account Creation | Splunk Security Content

An authentication bypass vulnerability in Ivanti Virtual Traffic Manager (vTM) that allows unauthenticated remote attackers to access the admin panel and create new administrator accounts.

Read more
zeropath blogNews
May 13, 2025
Ivanti Neurons for ITSM Hit by Critical Auth Bypass (CVE-2025-22462): Immediate Action Required - ZeroPath Blog | ZeroPath

An authentication bypass vulnerability for which the content states publicly available exploit code exists.

Read more
picus security blogNews
Oct 4, 2024
Microsoft Warns of Storm-0501 Group Deploying Ransomware to Hybrid Cloud Environments

A critical authentication bypass vulnerability in Ivanti Virtual Traffic Manager (vTM) allowing remote attackers to create unauthorized administrator accounts.

Read more
vulncheck blogNews
Sep 4, 2024
VulnCheck Initial Access Intelligence Update - August 2024

An authentication bypass vulnerability in Ivanti vTM.

Read more
+3 more in the timeline
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.
Start free trial
Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures3

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES
MITRE CVE
cve.org · CVE-2024-7593
NVD
nvd.nist.gov/vuln/detail/CVE-2024-7593
MITRE CWE · CWE-303
Incorrect Implementation of Authentication…
Patch
forums.ivanti.com/s/article/Security-Advisory-Ivanti-Virtual-Traffic-Manager-vTM-CVE-2024-7593
US Government Resource
cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-7593