Ivanti Connect Secure VPN Targeted in New Zero-Day Exploitation

    Date: 01/20/2025

    Severity: High

    Summary

    On Wednesday, January 8, 2025, Ivanti disclosed two vulnerabilities, CVE-2025-0282 and CVE-2025-0283, affecting Ivanti Connect Secure (ICS) VPN appliances. Zero-day exploitation of CVE-2025-0282 has been observed in the wild since mid-December 2024. CVE-2025-0282 is an unauthenticated stack-based buffer overflow that, if successfully exploited, could enable remote code execution without authentication, potentially compromising the victim’s network.

    Indicators of Compromise (IOC) List

    Hash:

    366635c00b8e6f749a4d948574a0f1e7b4c842ca443176de27af45debbc14f71
    
    63b386027ee268f1921f7b605a36cd91d08921f86ea5c6dd10f1808d25114b9d
    
    443f3aeb9c33eaa900a99f2dba18ba9c43f8d85089ee9d2d3c72794d8023aa4e
    
    aff3c01cfe15e17834bae4a5d684ef31ab99c0f4ab6a7b17676d53282e4bad1b
    
    a3dbcc9d4e1dd523f2848689f7e0753465de6188cfac4d3a52389ab1ec3db836

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Hash:

    sha256hash IN ("366635c00b8e6f749a4d948574a0f1e7b4c842ca443176de27af45debbc14f71","63b386027ee268f1921f7b605a36cd91d08921f86ea5c6dd10f1808d25114b9d","443f3aeb9c33eaa900a99f2dba18ba9c43f8d85089ee9d2d3c72794d8023aa4e","aff3c01cfe15e17834bae4a5d684ef31ab99c0f4ab6a7b17676d53282e4bad1b","a3dbcc9d4e1dd523f2848689f7e0753465de6188cfac4d3a52389ab1ec3db836")

    Reference:

    https://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-day


    Tags

    Malware, Exploit, CVE-2025
