CVE-2024-7593

CRITICAL KEV NUCLEI

Ivanti Virtual Traffic Manager Authentication Bypass (CVE-2024-7593)

Title source: metasploit

Exploitation Summary

CVE-2024-7593 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added September 24, 2024. EIP tracks 7 public exploits from researchers including D3N14LD15K, rxerium, intel365, including a Metasploit module auxiliary/admin/http/ivanti_vtm_admin. A Nuclei detection template is also available.

AI-analyzed exploit summary This Bash script exploits an authentication bypass vulnerability in Ivanti vTM (CVE-2024-7593) by creating a new admin user via a crafted POST request. It uses curl to send the payload and checks the response for success.

Description

Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.

Exploits (7)

nomisec WORKING POC 9 stars

by D3N14LD15K · remote

https://github.com/D3N14LD15K/CVE-2024-7593_PoC_Exploit

View Code ZIP pw:eip

This Bash script exploits an authentication bypass vulnerability in Ivanti vTM (CVE-2024-7593) by creating a new admin user via a crafted POST request. It uses curl to send the payload and checks the response for success.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Ivanti vTM

No auth needed

Prerequisites: curl installed · network access to target host and port

MITRE ATT&CK

T1110.001 - Password Guessing T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec SCANNER

by rxerium · poc

https://github.com/rxerium/CVE-2024-7593

View Code ZIP pw:eip

This repository provides a Nuclei template for detecting CVE-2024-7593, an authentication bypass vulnerability in Ivanti Virtual Traffic Manager. It matches specific versions and a login page string to identify vulnerable hosts.

Classification

Scanner 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Ivanti Virtual Traffic Manager versions 22.2, 22.3, 22.3R2, 22.5R1, 22.6R1, 22.7R1

No auth needed

Prerequisites: Nuclei installed · Target URL or host

MITRE ATT&CK

T1110 - Brute Force T1589 - Gather Victim Identity Information

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC

by intel365 · poc

https://github.com/intel365/CVE-2024-7593

View Code ZIP pw:eip

The repository contains a functional exploit for CVE-2024-7593, an authentication bypass vulnerability in Ivanti Virtual Traffic Manager (vTM). The exploit uses a YAML-based Nuclei template to create a local admin user and then authenticate as that user, bypassing authentication.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: Ivanti Virtual Traffic Manager (vTM) versions other than 22.2R1 or 22.7R2

No auth needed

Prerequisites: Network access to the target Ivanti vTM management interface

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1078 - Valid Accounts

devstral-2 · analyzed Jun 08, 2026 Full analysis →

nomisec WORKING POC

by kernel364 · poc

https://github.com/kernel364/CVE-2024-7593

View Code ZIP pw:eip

The repository contains a functional exploit for CVE-2024-7593, an authentication bypass vulnerability in Ivanti vTM. The exploit uses a YAML-based HTTP request sequence to create an admin user and then authenticate as that user, bypassing the authentication mechanism.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: Ivanti Virtual Traffic Manager (vTM) versions other than 22.2R1 or 22.7R2

No auth needed

Prerequisites: Network access to the target Ivanti vTM management interface

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1078 - Valid Accounts

devstral-2 · analyzed May 24, 2026 Full analysis →

nomisec WRITEUP

by voidbroker · poc

https://github.com/voidbroker/CVE-2024-7593

View Code ZIP pw:eip

This repository contains a writeup for CVE-2024-7593, a critical RCE vulnerability in Pulse Secure VPN. It includes technical details, affected versions, mitigation measures, and search dorks for identifying vulnerable systems.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: Pulse Secure VPN (specific versions not detailed)

Auth required

Prerequisites: Authenticated access to the management interface

MITRE ATT&CK

T1210 - Exploitation of Remote Services

devstral-2 · analyzed Feb 16, 2026 Full analysis →

vulncheck_xdb WORKING POC

remote

https://github.com/0xlf/CVE-2024-7593

View Code ZIP pw:eip

The repository contains a functional exploit for CVE-2024-7593, an authentication bypass vulnerability in Ivanti vTM. The YAML file includes HTTP requests to create a local admin user and bypass authentication, demonstrating the vulnerability.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: Ivanti Virtual Traffic Manager (vTM)

No auth needed

Prerequisites: network access to the target Ivanti vTM instance

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1078 - Valid Accounts

devstral-2 · analyzed Feb 25, 2026 Full analysis →

metasploit WORKING POC

by Michael Heinzl, ohnoisploited, mxalias · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/ivanti_vtm_admin.rb

View Code ZIP pw:eip

This Metasploit module exploits an authentication bypass vulnerability in Ivanti Virtual Traffic Manager (vTM) by adding a new administrative user via a crafted POST request. It verifies the vulnerability by checking the version and confirms successful exploitation by logging in with the newly created credentials.

Classification

Working Poc 100%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Ivanti Virtual Traffic Manager (vTM) versions 22.7R1 and below

No auth needed

Prerequisites: Network access to the target's web interface (port 9090 by default) · SSL enabled on the target

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1110 - Brute Force

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Ivanti vTM - Authentication Bypass

CRITICALVERIFIEDby gy741

Shodan: http.favicon.hash:1862800928 || html:"apps/zxtm/login.cgi"

References (2)

Core 2

Core References

Mitigation, Patch, Vendor Advisory

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Virtual-Traffic-Manager-vTM-CVE-2024-7593

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-7593

Scores

CVSS v3 9.8

EPSS 0.9444

EPSS Percentile 100.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable yes

Technical Impact total

Details

CISA KEV 2024-09-24

VulnCheck KEV 2024-08-06

InTheWild.io 2024-08-19

ENISA EUVD EUVD-2024-48489

CWE

CWE-287 CWE-303

Status published

Products (10)

ivanti/virtual_traffic_management 22.2

ivanti/virtual_traffic_management 22.3 (2 CPE variants)

ivanti/virtual_traffic_management 22.5 r1

ivanti/virtual_traffic_management 22.6 r1

ivanti/virtual_traffic_management 22.7 r1

ivanti/virtual_traffic_manager 22.2

ivanti/virtual_traffic_manager 22.3 (2 CPE variants)

ivanti/virtual_traffic_manager 22.5 r1

ivanti/virtual_traffic_manager 22.6 r1

ivanti/virtual_traffic_manager 22.7 r1

Published Aug 13, 2024

KEV Added Sep 24, 2024

Tracked Since Feb 18, 2026