From 647e27ee5f9e160150c03ea44bea799cf937d8b4 Mon Sep 17 00:00:00 2001 From: Nosaj <43643214+jasonkasih@users.noreply.github.com> Date: Wed, 4 Sep 2024 11:32:10 +0800 Subject: [PATCH] Create 20240904001-Ivanti-Critical-Vulnerability-PoC-Published.md (#970) * Create 20240904001-Ivanti-Critical-Vulnerability-PoC-Published.md Ivanti Critical Vulnerability PoC Published - 20240904001 * Format markdown docs * Update 20240904001 Updated content to match the Template. * Format markdown docs --------- Co-authored-by: jasonkasih Co-authored-by: JadonWill <117053393+JadonWill@users.noreply.github.com> Co-authored-by: JadonWill --- ...ti-Critical-Vulnerability-PoC-Published.md | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 docs/advisories/20240904001-Ivanti-Critical-Vulnerability-PoC-Published.md diff --git a/docs/advisories/20240904001-Ivanti-Critical-Vulnerability-PoC-Published.md b/docs/advisories/20240904001-Ivanti-Critical-Vulnerability-PoC-Published.md new file mode 100644 index 00000000..cc587152 --- /dev/null +++ b/docs/advisories/20240904001-Ivanti-Critical-Vulnerability-PoC-Published.md @@ -0,0 +1,22 @@ +# Ivanti Critical Vulnerability PoC Published - 20240904001 + +## Overview + +Ivanti released updates for Ivanti Virtual Traffic Manager (vTM) which addressed a critical vulnerability. Successful exploitation could lead to authentication bypass and creation of an administrator user. + +## What is vulnerable? + +| Product(s) Affected | Version(s) | CVE # | CVSS v4/v3 | Severity | +| ------------------------------ | ------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------- | ---------- | -------- | +| Ivanti Virtual Traffic Manager | 22.2 \< 22.2R1
22.3 \< 22.3R3
22.3R2 \< 22.3R3
22.5R1 \< 22.5R2
22.6R1 \< 22.6R2
22.7R1 \< 22.7R2 | [CVE-2024-7593](https://nvd.nist.gov/vuln/detail/CVE-2024-7593) | 9.8 | Critical | + +## What has been observed? + +Ivanti is not aware of any customers being exploited by this vulnerability at the time of disclosure, however a Proof of Concept is publicly available. +There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. + +## Recommendation + +The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 hours...* (refer [Patch Management](../guidelines/patch-management.md)): + +- Vendor article:
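Review bot: In the "What is vulnerable?" table, the Version(s) cell lists both `22.3 \< 22.3R3` and `22.3R2 \< 22.3R3`, which overlap, and the lower bounds are inconsistent (bare `22.2` and `22.3` in the first two entries, `R1` builds in the rest), so a reader cannot tell which 22.3 builds are affected or which release fixes them. Check the entries against the vendor advisory and give one unambiguous range per branch. In the Recommendation section, `*48 hours...*` keeps a trailing ellipsis inside the emphasis that reads like leftover template text, and the `- Vendor article:` bullet shows no link in the visible lines; since the recommendation defers entirely to vendor instructions, the advisory needs that URL to be actionable. The `CVSS v4/v3` column gives `9.8` without saying which CVSS version the score is for.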