[CVE-2025-0282] Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability

SecurityDesk
2025.01.08 00:00 조회 16

CISA KEV 정보

취약점명Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability
설명Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow which can lead to unauthenticated remote code execution.
조치사항Apply mitigations as set forth in the CISA instructions linked below to include conducting hunt activities, taking remediation actions if applicable, and applying updates prior to returning a device to service.
랜섬웨어 캠페인 악용Known
CWECWE-121
등록일 (KEV)2025-01-08
조치 기한2025-01-15
추가 참고CISA Mitigation Instructions: https://www.cisa.gov/cisa-mitigation-instructions-CVE-2025-0282 Additional References: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283 ; https://nvd.nist.gov/vuln/detail/CVE-2025-0282

NVD 상세 정보

CVSS v3.1: 9.0 CRITICALCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

설명: A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.

CWE: CWE-121 | CWE-787

참조

This product uses the NVD API but is not endorsed or certified by the NVD.



바로 가기

← 목록으로 돌아가기

IT 도구 서랍

→ Unix: 2025-01-15T09:30:00
→ 날짜: 1736934600

→ ASCII: ABC
→ 문자: 65 66 67

ASCII 코드표 — 클릭하면 입력란에 추가

제어 문자 (0–31)

DecHex약어설명

출력 가능 문자 (32–126)

DecHex문자

확장 ASCII (128–255)

DecHex문자

→ 유니코드: 홍길동
→ 문자: \ud64d\uae38\ub3d9