overview
A critical flaw has been discovered in Ivanti, Virtual Traffic Manager (vTM) that could be exploited to allow an unauthenticated attacker to remotely create a rogue account with administrative privileges within the target network.
Tracked as CVE-2024-7593, this vulnerability results from incorrect implementation of an authentication algorithm in different versions of vTM 22. Ivanti has rolled out security updates for the impacted versions, and more information can be found here.
At this time, we are not aware of a proof-of-concept for exploit or of any successful exploit attempts but we will continue to monitor.
how avertium is protecting our customers
IOCs ADDED TO OUR THREAT FEEDS
At this time, there are no known IoCs associated with successful exploit of CVE-2024-7593. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.
TTPs TO MONITOR
1. Initial Access (TA0001):
- Vulnerabilities such as this allow attackers to achieve access without authenticating. In such cases, monitoring admin activity is the best way to detect the attack. Please speak with your Service Delivery Manager to ensure Avertium is monitoring Admin account activity.
2. Execution (TA0002):
- An attacker with administrative privileges can execute almost anything on a victim network. To ensure unauthorized programs are blocked in your environment, please speak with your Service Delivery Manager about Endpoint Protection. Also, please ensure that changes to Endpoint Protection and Security monitoring will alert the necessary individuals within your organization.
3. Persistence (TA0003):
- An attacker with administrative privileges will have an easy time maintaining persistence in the environment. Please ensure that you conduct regular audits of admin accounts. Please speak with your Service Delivery Manager if you have any questions around how Avertium can assist with this effort.
ADDITIONAL SERVICE OFFERINGS
- Fusion MXDR is the first MDR offering that fuse together all aspects of security operations into a living, breathing, threat-resistant XDR solution. By fusing insights from threat intelligence, security assessments, and vulnerability management into our MDR approach, Fusion MXDR offers a more informed, robust, and cost-effective approach to cybersecurity – one that is greater than the sum of its parts.
- Security Information and Event Management (SIEM) - Minimizing the impact of a successful ransomware or malware attack requires detecting it as early in the attack as possible. A Security Information and Event Management (SIEM) system can help an organization to accomplish this. Avertium offers a comprehensive SIEM-based approach that increases the potential for detecting a ransomware infection before it deploys. SIEM provides a holistic overview of a company’s IT environment from a single point of view in terms of its specific security events, empowering teams to detect and analyze unusual behavior.
- Avertium aligns your Cybersecurity Strategy with your business strategy, ensuring that your investment in security is also an investment in your business. Our Cybersecurity Strategy service includes:
- Strategic Security Assessments - Strengthening your security posture begins with knowing where your current program stands (NIST CSF, Security Architecture, Business Impact Analysis, Sensitive Data Inventory, Network Virtualization and Cloud Assessment).
- Threat Mapping – Leverage Avertium’s Cyber Threat Intelligence, getting a more informed view of your most likely attack scenarios (Threat Assessment and MITRE ATT&CK).
- Cyber Maturity Roadmap - Embrace a comprehensive, quantifiable, and well-organized approach to establishing and continuously enhancing your cybersecurity resilience (Policy + Procedure Development, Virtual CISO (VCISO), Training + Enablement, Tabletop Exercises, and Business Continuity + Disaster Recovery Plan).
SUPPORTING DOCUMENTATION