CVE-2025-0282

Published Jan 8, 2025

Last updated a month ago

Ivanti

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-0282 is a stack-based buffer overflow vulnerability that affects several Ivanti network appliances, including Ivanti Connect Secure (versions prior to 22.7R2.5), Ivanti Policy Secure (versions prior to 22.7R1.2), and Ivanti Neurons for ZTA gateways (versions prior to 22.7R2.3). This vulnerability allows a remote, unauthenticated attacker to execute arbitrary code on affected systems. Exploitation of this vulnerability was first observed in mid-December 2024, and Ivanti disclosed the vulnerability on January 8, 2025. The vulnerability has been added to CISA's Known Exploited Vulnerabilities catalog. It appears the vulnerability is related to the handling of IFT (IF-T) connections.

Description: A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.
Source: 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
NVD status: Analyzed

Insights

Analysis from the Intruder Security Team

Published Jan 9, 2025

Buffer Overflows such as this one require an advanced skillset, and time and knowledge to exploit. In addition, the exploit must be specific to the version that is targeted (as noted by Google Mandiant).

The recommendation is to fix according to your usual critical patching schedule, but prioritise over other criticals as this vulnerability has been added to the KEV list. That said, due to the complexities with this vulnerability class, we don't expect widespread exploitation.

Patching information has been released by Ivanti. However, the recommendation to use the ICT scanner by Ivanti appears to be flawed as pointed out by Google Mandiant. To help with detecting compromises, they have released YARA rules for this vulnerability.

Risk scores

CVSS 3.1

Type: Primary
Base score: 9
Impact score: 6
Exploitability score: 2.2
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL

Known exploits

Data from CISA

Vulnerability name: Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability
Exploit added on: Jan 8, 2025
Exploit action due: Jan 15, 2025
Required action: Apply mitigations as set forth in the CISA instructions linked below to include conducting hunt activities, taking remediation actions if applicable, and applying updates prior to returning a device to service.

Weaknesses

3c1d8aa1-5a33-4ea4-8992-aadd6440af75: CWE-121
nvd@nist.gov: CWE-787

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 31

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "247E71F8-A03B-4097-B7BF-09F8BF3ED4D6"
          },
          {
            "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0059C69-4A18-4153-9D9A-5C1B03AD1453"
          },
          {
            "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC523C88-115E-4CD9-A8CB-AE6E6610F7D4"
          },
          {
            "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3447428E-DBCD-4553-B51D-AC08ECAFD881"
          },
          {
            "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A08BAF98-7F05-4596-8BFC-91F1A79D3BD1"
          },
          {
            "criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "67D43D1D-564D-4ACD-B0FF-3828B95E9864"
          },
          {
            "criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r2.2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC8480E0-17C0-4590-950F-D3954E735365"
          },
          {
            "criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r2.3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3FAF4FB0-A88C-4A87-B6CB-32EF7B415885"
          },
          {
            "criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD9BE8C2-43EB-4870-A4B7-267CB17A19F1"
          },
          {
            "criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:r1.1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C8915BB2-C1C0-4189-A847-DDB2EF161D62"
          },
          {
            "criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:r1.2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D24A8DB-D697-4C60-935D-B08EE36861CB"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]