20250109001 - Ivanti known exploitation (#1152)

* 20250109001 - Ivanti known exploitation * Update 20250109001 Update wording of Overview
wagov · Jan 9, 2025 · 89242d0 · 89242d0
1 parent 4b40388
commit 89242d0
Showing 1 changed file with 31 additions and 0 deletions.
diff --git a/docs/advisories/20250109001-Ivanti-Known-Exploited-Vulnerability.md b/docs/advisories/20250109001-Ivanti-Known-Exploited-Vulnerability.md
@@ -0,0 +1,31 @@
+# Ivanti Vulnerability Known Active Exploitation - 20250109001
+
+## Overview
+
+Ivanti have released an advisory that addresses vulnerabilities impacting multiple products. Successful exploitation could lead to unauthenticated remote code execution, and allow a local authenticated attacker to escalate privileges.
+
+Ivanti is aware of active exploitation in the wild.
+
+## What is vulnerable?
+
+| CVE | Product(s): Version(s) Affected | CVSS | Severity |
+| --- | ---------------------------------- | ---- | -------- | 
+| [CVE-2025-0282](https://nvd.nist.gov/vuln/detail/CVE-2025-0282) | - Ivanti Connect Secure: **22.7R2 through 22.7R2.4** <br> - Ivanti Policy Secure: **22.7R1 through 22.7R1.2** <br> - Ivanti Neurons for ZTA gateways: **22.7R2 through 22.7R2.3**  | 9.0 | **Critical** |
+| [CVE-2025-0283](https://nvd.nist.gov/vuln/detail/CVE-2025-0283) | - Ivanti Connect Secure: **22.7R2.4 and prior** <br> - Ivanti Connect Secure: **9.1R18.9 and prior** <br> - Ivanti Policy Secure: **22.7R1.2 and prior** <br> - Ivanti Neurons for ZTA gateways: **22.7R2.3 and prior**  | 7.0 | High |
+
+## What has been observed?
+
+Ivanti is aware of active exploitation in the wild.
+CISA added this vulnerability in their [Known Exploited Vulnerabilities](https://www.cisa.gov/known-exploited-vulnerabilities-catalog) catalog.
+There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 Hours...* (refer [Patch Management](../guidelines/patch-management.md)):
+
+- Ivanti Advisory: <https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283?language=en_US>
+
+### Additional Resources
+
+- CISA Advisory: <https://www.cisa.gov/news-events/alerts/2025/01/08/ivanti-releases-security-updates-connect-secure-policy-secure-and-zta-gateways>
+- BleepingComputer: <https://www.bleepingcomputer.com/news/security/ivanti-warns-of-new-connect-secure-flaw-used-in-zero-day-attacks/>