¡¾·ì϶¹«¸æ¡¿Ivanti¶à¿î²úÆ·»º³åÇøÒç¶Âí½Å(CVE-2025-0282)

°ä²¼¹¦·ò 2025-01-14

Ò»¡¢·ì϶¸ÅÊö

·ìϼûû³Æ

Ivanti¶à¿î²úÆ·»º³åÇøÒç¶Âí½Å

CVE   ID

CVE-2025-0282

·ì϶ÀàÐÍ

»º³åÇøÒç³ö

·¢ÏÖ¹¦·ò

2025-01-14

·ì϶ÆÀ·Ö

9.0

·ì϶µÈ¼¶

ÑϳÁ

¹¥»÷ÏòÁ¿

ÍøÂç

ËùÐèȨÏÞ

µÍ

ÀûÓÃÄѶÈ

¸ß

Óû§½»»¥

ÎÞ

PoC/EXP

δ¹«¿ª

ÔÚÒ°ÀûÓÃ

ÒÑ·¢ÏÖ


Ivanti Connect Secure£¨Ç°³Æ Pulse Connect Secure£©ÊÇ Ivanti ÌṩµÄÆóÒµ¼¶ SSL VPN ½â¾ö¹æ»®£¬£¬ £¬£¬£¬£¬£¬£¬Ö¼ÔÚΪԶ³ÌÓû§Ìṩ°²È«µÄÍøÂç½Ó¼û¡£¡£ ¡£¡£¡£Í¨¹ý¼ÓÃÜͨ·±£ÏÕÊý¾Ý°²È«£¬£¬ £¬£¬£¬£¬£¬£¬Ö§³ÖÉí·ÝÑéÖ¤ºÍ½Ó¼û½ÚÔ죬£¬ £¬£¬£¬£¬£¬£¬ºÏÓÃÓÚÔ¶³Ì°ì¹«¡¢ºÏ×÷ͬ°é½Ó¼ûºÍ·ÖÖ§»ú¹¹Ïνӵȸ߰²È«ÐÔ³¡¾°¡£¡£ ¡£¡£¡£


2025Äê1ÔÂ14ÈÕ£¬£¬ £¬£¬£¬£¬£¬£¬8827Ì«Ñô¼¯Íż¯ÍÅVSRC¼à²âµ½Ivanti¹Ù·½°ä²¼Á˸üУ¬£¬ £¬£¬£¬£¬£¬£¬½¨¸´ÁËIvanti Connect Secure¡¢Policy SecureºÍZTA GatewaysÖеÄÁ½¸ö»º³åÇøÒç¶Âí½Å£ºCVE-2025-0282ºÍCVE-2025-0283¡£¡£ ¡£¡£¡£ÆäÖУ¬£¬ £¬£¬£¬£¬£¬£¬CVE-2025-0282·ì϶±»ÆÀ¶¨ÎªÑϳÁ£¬£¬ £¬£¬£¬£¬£¬£¬CVSSÆÀ·ÖΪ9.0·Ö£»£»£»£»£» £»CVE-2025-0283·ì϶Ôò±»ÆÀ¶¨Îª¸ßΣ£¬£¬ £¬£¬£¬£¬£¬£¬CVSSÆÀ·ÖΪ7.0·Ö¡£¡£ ¡£¡£¡£


CVE-2025-0282£ºÔ¶³Ìδ¾­ÈÏÖ¤µÄ¹¥»÷Õß¿Éͨ¹ý´Ë·ì϶ʵÏÖÔ¶³Ì´úÂëÖ´ÐУ¬£¬ £¬£¬£¬£¬£¬£¬CVE-2025-0283£º±¾µØÒÑÈÏÖ¤¹¥»÷Õß¿ÉÀûÓô˷ì϶ÌáÉýȨÏÞ¡£¡£ ¡£¡£¡£


¶þ¡¢Ó°ÏìÁìÓò


22.7R2 <= Ivanti Connect Secure <= 22.7R2.4
22.7R1 <= Ivanti Policy Secure <= 22.7R1.2

22.7R2 <= Ivanti Neurons for ZTA <= 22.7R2.3


Èý¡¢°²È«´ëÊ©


3.1 Éý¼¶°æ±¾


Ä¿Ç°¸Ã·ì϶ÒѾ­½¨¸´£¬£¬ £¬£¬£¬£¬£¬£¬ÊÜÓ°ÏìÓû§¿ÉÉý¼¶µ½ÒÔÏ°汾£º
Ivanti Connect Secure >= 22.7R2.5
Ivanti Neurons for ZTA gateways >= 22.7R2.5£¨Ivanti Policy Secure ¡¢ZTA gateways²¹¶¡Ô¤¼ÆÓÚ1ÔÂ21ÈÕ°ä²¼£©


ÏÂÔØÁ´½Ó£º

https://portal.ivanti.com/


3.2 һʱ´ëÊ©


ÈôIvanti Connect SecureµÄICTɨÃèÁ˾ÖÕý³££¬£¬ £¬£¬£¬£¬£¬£¬¿ÉÔÚÉý¼¶µ½22.7R2.5Ç°¸´Ô­³ö³§ÉèÖ㻣»£»£»£» £»Èô·¢ÏÖÍþв£¬£¬ £¬£¬£¬£¬£¬£¬ÐèÖ´Ðи´Ô­³ö³§ÉèÖᣡ£ ¡£¡£¡£Ivanti Policy SecureºÍZTA Gateways½«ÔÚ1ÔÂ21ÈÕ°ä²¼½¨¸´£¬£¬ £¬£¬£¬£¬£¬£¬Óû§Ó¦È·±£É豸²»Â¶³öÓÚ»¥ÁªÍø¡£¡£ ¡£¡£¡£


3.3 ͨÓý¨Òé


? ¶¨ÆÚ¸üÐÂϵͳ²¹¶¡£¡£ ¡£¡£¡£¬£¬ £¬£¬£¬£¬£¬£¬Ï÷¼õϵͳ·ì϶£¬£¬ £¬£¬£¬£¬£¬£¬ÌáÉý·þÎñÆ÷µÄ°²È«ÐÔ¡£¡£ ¡£¡£¡£

¼ÓǿϵͳºÍÍøÂçµÄ½Ó¼û½ÚÔ죬£¬ £¬£¬£¬£¬£¬£¬Åú¸Ä·À»ðǽսÊõ£¬£¬ £¬£¬£¬£¬£¬£¬¹Ø¹Ø·Ç±ØÒªµÄÀûÓö˿ڻò·þÎñ£¬£¬ £¬£¬£¬£¬£¬£¬Ï÷¼õ½«Î£ÏÕ·þÎñ£¨ÈçSSH¡¢RDPµÈ£©Â¶³öµ½¹«Íø£¬£¬ £¬£¬£¬£¬£¬£¬Ï÷¼õ¹¥»÷Ãæ¡£¡£ ¡£¡£¡£

ʹÓÃÆóÒµ¼¶°²È«²úÆ·£¬£¬ £¬£¬£¬£¬£¬£¬ÌáÉýÆóÒµµÄÍøÂ簲ȫ»úÄÜ¡£¡£ ¡£¡£¡£

¼ÓǿϵͳÓû§ºÍȨÏÞÖÎÀí£¬£¬ £¬£¬£¬£¬£¬£¬ÆôÓöà³É·ÖÈÏÖ¤»úÔìºÍ×îÓ×ȨÏÞ×¼Ôò£¬£¬ £¬£¬£¬£¬£¬£¬Óû§ºÍÈí¼þȨÏÞӦά³ÖÔÚ×îµÍÏ޶ȡ£¡£ ¡£¡£¡£

ÆôÓÃÇ¿ÃÜÂëÕ½Êõ²¢ÉèÖÃΪ¶¨ÆÚÅú¸Ä¡£¡£ ¡£¡£¡£


3.4 ²Î¿¼Á´½Ó


https://www.tenable.com/blog/cve-2025-0282-ivanti-connect-secure-zero-day-vulnerability-exploited-in-the-wild
https://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-day/
https://www.cisa.gov/cisa-mitigation-instructions-cve-2025-0282
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283?language=en_US