Vendor: vADC
By: ohnoisploited
CVSS: 6.1 (HIGH)
Vulnerability Type: Authentication Bypass
CWE: 287
Product Name: vADC
Affected Version From: 9.9
Affected Version To: 45544
Patch Exists: YES
Related CWE: CVE-2024-XXXX (To be assigned)
CPE: a:ivanti:vadc:9.9
Platforms Tested: Linux
2024
Ivanti vADC 9.9 – Authentication Bypass
Ivanti vADC version 9.9 is susceptible to an authentication bypass vulnerability. By sending a crafted request with specific parameters to the wizard.fcgi endpoint, an attacker can create a new admin user without authenticating, which leads to unauthorized access to the system.
Mitigation:
To mitigate this vulnerability, it is recommended to update to fixed versions 22.7R2 and above.
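Detection:
Until the update is applied, requests to wizard.fcgi in the admin interface's access log are worth reviewing. The script below is an added example, not part of the original advisory or Ivanti's tooling; it assumes Common/Combined Log Format, that the third log field holds the authenticated user, and uses constructed networks, log lines and a placeholder path.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Assumption: networks allowed to reach the admin interface (constructed values).
ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Assumption: the admin web server writes Common/Combined Log Format lines.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines; /EXAMPLE-PATH/ is a placeholder, not the product's path.
SAMPLE_LOG = """\
10.20.0.15 - admin [12/Aug/2024:09:01:10 +0000] "GET /EXAMPLE-PATH/index.fcgi HTTP/1.1" 200 5120
203.0.113.7 - - [12/Aug/2024:09:14:02 +0000] "POST /EXAMPLE-PATH/wizard.fcgi HTTP/1.1" 200 812
10.20.0.15 - admin [12/Aug/2024:09:20:45 +0000] "GET /EXAMPLE-PATH/wizard.fcgi HTTP/1.1" 200 4410
203.0.113.7 - - [12/Aug/2024:09:14:05 +0000] "POST /EXAMPLE-PATH/wizard%2Efcgi HTTP/1.1" 200 812
10.20.0.99 - - [12/Aug/2024:10:02:31 +0000] "POST /EXAMPLE-PATH/wizard.fcgi HTTP/1.1" 403 199
"""


def suspicious_wizard_requests(log_text, admin_nets=ADMIN_NETS):
    """Map source IP -> [(timestamp, method, status)] for wizard.fcgi requests
    that come from outside the admin networks or carry no authenticated user."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        # Decode percent-escapes so an encoded endpoint name is still matched.
        segments = unquote(urlsplit(m["target"]).path).lower().split("/")
        if "wizard.fcgi" not in segments:
            continue
        try:
            src = ipaddress.ip_address(m["ip"])
            outside = not any(src in net for net in admin_nets)
        except ValueError:  # hostname instead of an address: treat as untrusted
            outside = True
        if outside or m["user"] == "-":
            hits[m["ip"]].append((m["ts"], m["method"], int(m["status"])))
    return dict(hits)


if __name__ == "__main__":
    for ip, events in suspicious_wizard_requests(SAMPLE_LOG).items():
        print(ip, events)
```

A flagged request with a 200 status from an address outside the admin networks should be followed by a review of the appliance's admin user list for accounts nobody created.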