A critical vulnerability has been discovered in several Ivanti products, allowing for remote code execution via a stack-based buffer overflow in the IF-T/TLS implementation. This vulnerability is currently being actively exploited, with over 19,413 instances of vulnerable systems exposed on the internet. Multiple proof-of-concept exploits are publicly available, making this vulnerability a serious and immediate security threat.
| Product | Ivanti Connect Secure |
| Date | 2025-01-17 10:22:11 |
| Information |
|
Technical Summary
The vulnerability resides in the IF-T/TLS implementation of the affected Ivanti products. An unauthenticated attacker can cause a stack-based buffer overflow by sending specially crafted network packets during the IF-T/TLS negotiation process. This overflow can be exploited to achieve remote code execution on the target system with the privileges of the running service.
Affected products and versions:
- Ivanti Connect Secure <
22.7R2.5 - Ivanti Policy Secure <
22.7R1.2 - Ivanti Neurons for ZTA gateways <
22.7R2.3
Key points:
- No authentication required for exploitation
- Default configurations are affected
- Can lead to full system compromise
- Active exploitation observed in the wild
- Multiple PoCs publicly available
- Large number of vulnerable systems exposed
Recommendations
- Immediately update affected systems to the following versions or later:
- Ivanti Connect Secure:
22.7R2.5 - Ivanti Policy Secure:
22.7R1.2 - Ivanti Neurons for ZTA gateways:
22.7R2.3
[Callforaction-THREAT-Footer]
