About the Vulnerability
Introduction
Ivanti Connect Secure, Policy Secure, and ZTA Gateways are network products provided by Ivanti.
Summary
On January 9, 2025, Sangfor FarSight Labs received notification of a buffer overflow vulnerability (CVE-2025-0282) in Ivanti Connect Secure, Policy Secure & ZTA Gateways, classified as critical in threat level.
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution, leading to server compromise.
Note: This vulnerability has been exploited in the wild.
Affected Versions
22.7R2 ≤ Ivanti Connect Secure < 22.7R2.5
22.7R1 ≤ Ivanti Policy Secure < 22.7R1.2
22.7R2 ≤ ZTA gateways < 22.7R2.3
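The following is an added example, not code from Sangfor or Ivanti, that checks version strings from an asset inventory against the ranges listed above. The `MAJOR.MINORrRELEASE[.PATCH]` parsing, the function names, and the sample inventory are assumptions made for illustration.

```python
import re
from typing import NamedTuple

class Version(NamedTuple):
    major: int
    minor: int
    release: int
    patch: int

# Assumed format: MAJOR.MINOR "R" RELEASE, optional ".PATCH" (e.g. 22.7R2.5).
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)R(\d+)(?:\.(\d+))?\s*$", re.IGNORECASE)

def parse_version(text: str) -> Version:
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, release, patch = m.groups()
    # A missing patch component (22.7R2) is treated as patch 0.
    return Version(int(major), int(minor), int(release), int(patch or 0))

# Ranges copied from this advisory: (first affected, first secure version).
AFFECTED = {
    "Ivanti Connect Secure": ("22.7R2", "22.7R2.5"),
    "Ivanti Policy Secure": ("22.7R1", "22.7R1.2"),
    "ZTA gateways": ("22.7R2", "22.7R2.3"),
}

def check(product: str, version: str) -> str:
    """Return 'affected', 'fixed', or 'not-listed' for one device."""
    low, fixed = (parse_version(v) for v in AFFECTED[product])
    v = parse_version(version)
    if v >= fixed:
        return "fixed"
    if v >= low:
        return "affected"
    # Below the advisory's lower bound: the advisory makes no statement
    # about these builds, so do not report them as safe.
    return "not-listed"

def triage(inventory):
    """Map (host, product, version) rows to (host, status) pairs."""
    return [(host, check(product, ver)) for host, product, ver in inventory]

if __name__ == "__main__":
    # Constructed sample inventory; host names are placeholders.
    sample = [
        ("vpn-01", "Ivanti Connect Secure", "22.7R2.4"),
        ("vpn-02", "Ivanti Connect Secure", "22.7R2.5"),
        ("nac-01", "Ivanti Policy Secure", "22.7R1.1"),
        ("vpn-old", "Ivanti Connect Secure", "9.1R18.9"),
    ]
    for host, status in triage(sample):
        print(f"{host}: {status}")
```

A `not-listed` result means the build falls below the lower bound given here and needs to be checked against the vendor's own guidance.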
Solutions
Remediation Solutions
Official Solution
Secure Versions:
Ivanti Connect Secure 22.7R2.5
Ivanti Policy Secure 22.7R1.2
ZTA gateways 22.7R2.3
Suggestion:
Affected users are recommended to update the version of their devices to the secure versions.
Download link for Ivanti Connect Secure Patches: https://portal.ivanti.com/
Patches for Ivanti Policy Secure and ZTA gateways are expected to be released on January 21, 2025.
Temporary Solution
Users of Ivanti Connect Secure should run the built-in Integrity Check Tool (ICT).
If the scan results show no threats, reset the device to factory settings and apply the latest patches.
If threats are detected in the scan results, immediately disconnect the affected product and isolate it from other resources, reset any connected passwords, keys, and certificates, and contact the vendor for further emergency response and tracing.
Timeline
On January 9, 2025, Sangfor FarSight Labs received notification of the Ivanti Connect Secure, Policy Secure & ZTA Gateways Buffer Overflow Vulnerability.
On January 9, 2025, Sangfor FarSight Labs released a vulnerability alert.