CVE-2025-0282: Ivanti Connect Secure Zero-Day Vulnerability Exploited In The Wild
2025-01-08 19:16:44 Author: www.tenable.com (view original)


January 8, 2025



[Image: Tenable Research advisory banner labeled "ADVISORY" with the title "Zero-Day Vulnerability Exploited In The Wild".]

Ivanti disclosed two vulnerabilities in its Connect Secure, Policy Secure and Neurons for ZTA gateway devices, including one flaw that was exploited in the wild as a zero-day.

Background

On January 8, Ivanti published a security advisory for two vulnerabilities affecting multiple products including Ivanti Connect Secure, Ivanti Policy Secure and Ivanti Neurons for Zero Trust Access (ZTA) gateways:

CVE | Description | CVSSv3
CVE-2025-0282 | Ivanti Connect Secure, Ivanti Policy Secure and Ivanti Neurons for ZTA gateways Stack-based Buffer Overflow Vulnerability | 9.0
CVE-2025-0283 | Ivanti Connect Secure, Ivanti Policy Secure and Ivanti Neurons for ZTA gateways Stack-based Buffer Overflow Vulnerability | 7.0

Analysis

CVE-2025-0282 is a stack-based buffer overflow vulnerability in Ivanti Connect Secure, Ivanti Policy Secure and Ivanti Neurons for ZTA gateways. An unauthenticated, remote attacker that successfully exploits this flaw would obtain remote code execution on a vulnerable device.

CVE-2025-0283 is also a stack-based buffer overflow in Ivanti Connect Secure, Ivanti Policy Secure and Ivanti Neurons for ZTA gateways. Unlike CVE-2025-0282, a local, authenticated attacker that successfully exploits this flaw would be able to elevate privileges on a vulnerable device.

In-the-wild exploitation observed for CVE-2025-0282

In a blog post, Ivanti confirmed that it has observed in-the-wild exploitation of CVE-2025-0282 against "a limited number of customers" running Ivanti Connect Secure devices. Ivanti also states that it has not observed exploitation against Ivanti Policy Secure or Neurons for ZTA gateways.

Historical exploitation of Ivanti Connect Secure

Ivanti Connect Secure, formerly known as Pulse Connect Secure, has been frequently targeted by attackers of all types, including advanced persistent threat (APT) groups as well as ransomware affiliates and opportunistic cybercriminals.

CVE | Description | Tenable Publications | Year
CVE-2019-11510 | Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability | 1, 2, 3, 4, 5 | 2019
CVE-2019-11539 | Ivanti Pulse Connect Secure and Policy Secure Command Injection Vulnerability | 1, 2, 3, 4 | 2019
CVE-2020-8218 | Ivanti Pulse Connect Secure Code Injection Vulnerability | Tenable 2020 Threat Landscape Retrospective | 2020
CVE-2020-8243 | Ivanti Pulse Connect Secure Code Injection Vulnerability | 1, 2 | 2020
CVE-2020-8260 | Ivanti Pulse Connect Secure Unrestricted File Upload Vulnerability | 1, 2 | 2020
CVE-2021-22893 | Ivanti Pulse Connect Secure Authentication Bypass Vulnerability | 1, 2 | 2021
CVE-2021-22894 | Ivanti Pulse Connect Secure Buffer Overflow Vulnerability | CVE-2021-22893: Zero-Day Vulnerability in Pulse Connect Secure Exploited in the Wild | 2021
CVE-2021-22899 | Ivanti Pulse Connect Secure Command Injection Vulnerability | CVE-2021-22893: Zero-Day Vulnerability in Pulse Connect Secure Exploited in the Wild | 2021
CVE-2021-22900 | Ivanti Pulse Connect Secure Multiple Unrestricted Uploads Vulnerability | CVE-2021-22893: Zero-Day Vulnerability in Pulse Connect Secure Exploited in the Wild | 2021
CVE-2023-46805 | Ivanti Connect Secure and Ivanti Policy Secure Authentication Bypass Vulnerability | 1, 2 | 2024
CVE-2024-21887 | Ivanti Connect Secure and Ivanti Policy Secure Command Injection Vulnerability | 1, 2 | 2024
CVE-2024-21893 | Ivanti Connect Secure, Policy Secure, and Neurons Server-Side Request Forgery (SSRF) Vulnerability | CVE-2023-46805, CVE-2024-21887, CVE-2024-21888 and CVE-2024-21893: Frequently Asked Questions for Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways | 2024

Because of the historical exploitation of these devices, customers are strongly advised to apply the available patch for these flaws as soon as possible.

Proof of concept

At the time this blog post was published, there were no public proof-of-concept exploits for CVE-2025-0282 or CVE-2025-0283.

Solution

Ivanti has released the following patches for Connect Secure, Policy Secure and Neurons for ZTA Gateways.

Affected Product | Affected Versions (CVE-2025-0282) | Affected Versions (CVE-2025-0283) | Fixed Version
Ivanti Connect Secure | 22.7R2 through 22.7R2.4 | 22.7R2.4 and below; 9.1R18.9 and below | 22.7R2.5
Ivanti Policy Secure | 22.7R1 through 22.7R1.2 | 22.7R1.2 and below | Unavailable until January 21
Ivanti Neurons for ZTA gateways | 22.7R2 through 22.7R2.3 | 22.7R2.3 and below | 22.7R2.5 (Unavailable until January 21)
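As an added example (not Tenable's or Ivanti's code) of how a defender can triage an asset inventory against the version ranges in the table above, the following Python encodes those ranges and classifies a product/version pair. The ADVISORY dictionary, parse_version() and assess() are names invented for this example, and the version-string grammar (major.minorR release[.patch]) is an assumption drawn from the versions shown in the table.

```python
import re

# Version ranges transcribed from the Ivanti table above (constructed for this
# example, not an official data feed); all ranges are inclusive.
ADVISORY = {
    "Ivanti Connect Secure": {
        "cve-2025-0282": ("22.7R2", "22.7R2.4"),
        "cve-2025-0283": ["22.7R2.4", "9.1R18.9"],   # "and below"
        "fixed": "22.7R2.5",
        "fix_available": True,
    },
    "Ivanti Policy Secure": {
        "cve-2025-0282": ("22.7R1", "22.7R1.2"),
        "cve-2025-0283": ["22.7R1.2"],
        "fixed": None,            # unavailable until January 21
        "fix_available": False,
    },
    "Ivanti Neurons for ZTA gateways": {
        "cve-2025-0282": ("22.7R2", "22.7R2.3"),
        "cve-2025-0283": ["22.7R2.3"],
        "fixed": "22.7R2.5",      # unavailable until January 21
        "fix_available": False,
    },
}

# Assumed grammar for Ivanti version strings: <major>.<minor>R<release>[.<patch>]
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$")

def parse_version(text: str) -> tuple:
    """'22.7R2.4' -> (22, 7, 2, 4); a missing patch ('22.7R2') counts as .0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Ivanti version string: {text!r}")
    major, minor, release, patch = m.groups()
    return (int(major), int(minor), int(release), int(patch or 0))

def assess(product: str, version: str) -> dict:
    """Classify one inventory entry against both CVEs using the table above."""
    entry = ADVISORY[product]
    v = parse_version(version)
    lo, hi = (parse_version(x) for x in entry["cve-2025-0282"])
    return {
        "CVE-2025-0282": lo <= v <= hi,
        # "and below" is applied literally as an inclusive tuple comparison.
        "CVE-2025-0283": any(v <= parse_version(c) for c in entry["cve-2025-0283"]),
        "fixed_version": entry["fixed"],
        "fix_available": entry["fix_available"],
    }

# e.g. assess("Ivanti Connect Secure", "22.7R2.4") -> both CVEs True, fixed 22.7R2.5
```

Versions outside the trains listed by Ivanti (for example an older 22.x release) are judged only by the literal "and below" comparison, so confirm such cases against the vendor advisory.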

Ivanti customers can use the Integrity Checker Tool (ICT) to identify exploitation of CVE-2025-0282.

For Connect Secure customers, Ivanti recommends performing a factory reset of devices prior to upgrading to version 22.7R2.5: "out of an abundance of caution" for those with clean ICT scan results, and to "ensure any malware is removed" where ICT results "show signs of compromise."

Identifying affected systems

A list of Tenable plugins for these vulnerabilities can be found on the individual CVE pages for CVE-2025-0282 and CVE-2025-0283 as they’re released. These links will display all available plugins for these vulnerabilities, including upcoming plugins in our Plugins Pipeline.

Tenable Attack Surface Management customers are able to quickly identify these assets by leveraging the built-in subscription labeled Ivanti Connect Secure (ICS) - v1.

[Screenshot: the Tenable Attack Surface Management Subscriptions section, highlighting the "Ivanti Connect Secure (ICS) - v1" subscription that can be used to identify devices.]

Get more information

Join Tenable's Security Response Team on the Tenable Community.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.


Satnam Narang

Satnam joined Tenable in 2018. He has over 15 years of experience in the industry (M86 Security and Symantec). He contributed to the Anti-Phishing Working Group, helped develop a Social Networking Guide for the National Cyber Security Alliance, uncovered a huge spam botnet on Twitter and was the first to report on spam bots on Tinder. He's appeared on NBC Nightly News, Entertainment Tonight, Bloomberg West, and the Why Oh Why podcast.

Interests outside of work: Satnam writes poetry and makes hip-hop music. He enjoys live music, spending time with his three nieces, football and basketball, Bollywood movies and music and Grogu (Baby Yoda).



Source: https://www.tenable.com/blog/cve-2025-0282-ivanti-connect-secure-zero-day-vulnerability-exploited-in-the-wild