{"id":3537,"date":"2025-01-10T17:28:05","date_gmt":"2025-01-10T09:28:05","guid":{"rendered":"https:\/\/blog.billows.com.tw\/?p=3537"},"modified":"2025-01-10T17:40:19","modified_gmt":"2025-01-10T09:40:19","slug":"ivanti-%e6%bc%8f%e6%b4%9e%e6%88%90%e7%82%ba%e6%94%bb%e6%93%8a%e7%84%a6%e9%bb%9e%ef%bc%8cconnect-secure-%e5%92%8c-policy-secure-%e9%9d%a2%e8%87%a8%e9%ab%98%e9%a2%a8%e9%9a%aa","status":"publish","type":"post","link":"https:\/\/blog.billows.com.tw\/?p=3537","title":{"rendered":"Ivanti \u6f0f\u6d1e\u6210\u70ba\u653b\u64ca\u7126\u9ede\uff0cConnect Secure \u548c Policy Secure \u9762\u81e8\u9ad8\u98a8\u96aa"},"content":{"rendered":"\n<p><strong>#<\/strong> <strong>CVE-2025-0282<\/strong><\/p>\n\n\n\n<p><strong>#<\/strong> <strong>CVE-2025-0283<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"846\" height=\"433\" src=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2025\/01\/image-4.png\" alt=\"\" class=\"wp-image-3538\" srcset=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2025\/01\/image-4.png 846w, https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2025\/01\/image-4-300x154.png 300w, https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2025\/01\/image-4-768x393.png 768w\" sizes=\"auto, (max-width: 846px) 100vw, 846px\" \/><figcaption class=\"wp-element-caption\">Photo credit: Ivanti<\/figcaption><\/figure>\n\n\n\n<p><strong>\u6982\u8ff0<\/strong><br>1 \u6708 8 \u65e5Ivanti \u767c\u5e03\u91cd\u8981<a href=\"https:\/\/www.ivanti.com\/blog\/security-update-ivanti-connect-secure-policy-secure-and-neurons-for-zta-gateways\">\u516c\u544a<\/a>\uff0c\u6307\u51fa <strong>Connect Secure<\/strong>\u3001<strong>Policy Secure<\/strong> \u548c <strong>ZTA Gateways<\/strong> \u7522\u54c1\u4e2d\u7684\u5b89\u5168\u6f0f\u6d1e\u81ea 2024 \u5e74 12 \u6708\u4e2d\u65ec\u8d77\u5df2\u906d\u5230\u7a4d\u6975\u5229\u7528\u3002\u88ab\u5229\u7528\u7684\u95dc\u9375\u6f0f\u6d1e\u70ba <strong><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-0282\">CVE-2025-0282<\/a><\/strong>\uff0c\u9019\u662f\u4e00\u500b<strong>\u57fa\u65bc\u5806\u758a\u7684\u7de9\u885d\u5340\u6ea2\u51fa<\/strong>\uff0cCVSS \u5206\u6578\u70ba 9.0\uff0c\u5f71\u97ff\u4ee5\u4e0b\u7248\u672c\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Ivanti Connect Secure<\/strong>\uff1a22.7R2.5 \u4e4b\u524d\u7684\u7248\u672c<\/li>\n\n\n\n<li><strong>Ivanti Policy Secure<\/strong>\uff1a22.7R1.2 \u4e4b\u524d\u7684\u7248\u672c<\/li>\n\n\n\n<li><strong>Ivanti Neurons for ZTA Gateways<\/strong>\uff1a22.7R2.3 \u4e4b\u524d\u7684\u7248\u672c<\/li>\n<\/ul>\n\n\n\n<p>\u6210\u529f\u5229\u7528 CVE-2025-0282 \u53ef\u80fd\u5c0e\u81f4 <strong>\u672a\u7d93\u8eab\u4efd\u9a57\u8b49\u7684\u9060\u7aef\u4ee3\u78bc\u57f7\u884c\uff08RCE<\/strong><strong>\uff09<\/strong>\u3002Ivanti \u7684 Integrity Checker Tool (ICT) \u5728\u653b\u64ca\u7576\u5929\u5075\u6e2c\u5230\u60e1\u610f\u6d3b\u52d5\uff0c\u5f9e\u800c\u80fd\u8fc5\u901f\u56de\u61c9\u4e26\u958b\u767c\u4fee\u88dc\u7a0b\u5f0f\u3002<\/p>\n\n\n\n<p><strong>\u5176\u4ed6\u6f0f\u6d1e\uff1a<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-0283\">CVE-2025-0283<\/a><\/strong><\/p>\n\n\n\n<p>\u53e6\u4e00\u500b\u9ad8\u5371\u6f0f\u6d1e <strong>CVE-2025-0283<\/strong>\uff08CVSS \u5206\u6578\uff1a7.0\uff09\u5141\u8a31 <strong>\u672c\u5730\u7279\u6b0a\u63d0\u5347<\/strong>\uff0c\u76ee\u524d\u5df2\u4fee\u88dc\u3002\u4ee5\u4e0b\u7248\u672c\u53d7\u5f71\u97ff\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>CVE-2025-0282<\/strong>\uff1a\u5f71\u97ff Ivanti Connect Secure 22.7R2 \u81f3 22.7R2.4\u3001Policy Secure 22.7R1 \u81f3 22.7R1.2\uff0c\u4ee5\u53ca ZTA Gateways 22.7R2 \u81f3 22.7R2.3\u3002<\/li>\n\n\n\n<li><strong>CVE-2025-0283<\/strong>\uff1a\u5f71\u97ff Ivanti Connect Secure 22.7R2.4 \u53ca\u66f4\u65e9\u7248\u672c\u30019.1R18.9 \u53ca\u66f4\u65e9\u7248\u672c\uff0cPolicy Secure 22.7R1.2 \u53ca\u66f4\u65e9\u7248\u672c\uff0c\u4ee5\u53ca ZTA Gateways 22.7R2.3 \u53ca\u66f4\u65e9\u7248\u672c\u3002<\/li>\n<\/ul>\n\n\n\n<p>Ivanti \u78ba\u8a8d\u6709\u9650\u6578\u91cf\u7684\u5ba2\u6236\u56e0 CVE-2025-0282 \u906d\u53d7\u653b\u64ca\uff0c\u5c1a\u672a\u767c\u73fe CVE-2025-0283 \u88ab\u6b66\u5668\u5316\u7684\u8de1\u8c61\u3002<\/p>\n\n\n\n<p><strong>\u5a01\u8105\u884c\u70ba\u8005\u6b78\u56e0\u8207\u5229\u7528\u7d30\u7bc0<\/strong><\/p>\n\n\n\n<p>Mandiant \u7684\u8abf\u67e5\u5c07 CVE-2025-0282 \u7684\u5229\u7528\u6d3b\u52d5\u6b78\u56e0\u65bc <strong>UNC5337<\/strong>\uff0c\u9019\u662f\u4e00\u500b\u8207\u4e2d\u570b\u76f8\u95dc\u7684\u5a01\u8105\u884c\u70ba\u8005\uff0c\u8a55\u4f30\u70ba <strong>UNC5221<\/strong> \u7684\u4e00\u90e8\u5206\u3002\u653b\u64ca\u93c8\u6d89\u53ca\u5728\u53d7\u640d\u8a2d\u5099\u4e2d\u90e8\u7f72 <strong>SPAWN <\/strong><strong>\u60e1\u610f\u8edf\u9ad4\u751f\u614b\u7cfb\u7d71<\/strong>\uff0c\u4e26\u4f7f\u7528\u5176\u4ed6\u60e1\u610f\u8edf\u9ad4\u7cfb\u5217\uff0c\u5982 <strong>DRYHOOK<\/strong> \u548c <strong>PHASEJAM<\/strong>\uff0c\u9019\u4e9b\u5747\u70ba\u9996\u6b21\u8a18\u9304\u7684\u60e1\u610f\u8edf\u9ad4\u5bb6\u65cf\u3002<\/p>\n\n\n\n<p>\u4e3b\u8981\u7684\u6f0f\u6d1e\u5229\u7528\u7b56\u7565\u5305\u62ec\uff1a<\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li>\u505c\u7528 SELinux \u4e26\u91cd\u65b0\u639b\u8f09\u6a94\u6848\u7cfb\u7d71\u3002<\/li>\n\n\n\n<li>\u690d\u5165\u548c\u57f7\u884c\u7db2\u9801\u5f8c\u9580\u4ee5\u7dad\u6301\u8a2a\u554f\u6b0a\u9650\u3002<\/li>\n\n\n\n<li>\u4fee\u6539\u7cfb\u7d71\u65e5\u8a8c\uff08\u4f8b\u5982\u522a\u9664 SELinux \u6838\u5fc3\u8a0a\u606f\u548c\u7cfb\u7d71\u5d29\u6f70\u75d5\u8de1\uff09\u4ee5\u9003\u907f\u6aa2\u6e2c\u3002<\/li>\n\n\n\n<li>\u52ab\u6301\u95dc\u9375\u7a0b\u5e8f\u4ee5\u5be6\u73fe\u91cd\u555f\u548c\u5347\u7d1a\u5f8c\u7684\u6301\u4e45\u6027\u3002<\/li>\n<\/ol>\n\n\n\n<p><strong>PHASEJAM<\/strong> \u7684\u529f\u80fd\u5305\u62ec\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u5728\u95dc\u9375\u6a94\u6848\uff08getComponent.cgi\u3001restAuth.cgi\uff09\u4e2d\u63d2\u5165\u7db2\u9801\u5f8c\u9580\u3002<\/li>\n\n\n\n<li>\u901a\u904e\u4fee\u6539 DSUpgrade.pm \u6a94\u6848\u963b\u6b62\u5408\u6cd5\u7684\u7cfb\u7d71\u5347\u7d1a\u3002<\/li>\n\n\n\n<li>\u8986\u84cb remotedebug \u53ef\u57f7\u884c\u6a94\u6848\uff0c\u4ee5\u57f7\u884c\u4efb\u610f\u547d\u4ee4\u3002<\/li>\n<\/ul>\n\n\n\n<p><strong>\u9ad8\u7d1a\u653b\u64ca\u80fd\u529b<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>\u7db2\u8def\u5075\u67e5<\/strong>\uff1a\u4f7f\u7528\u5de5\u5177\uff08\u5982 nmap \u548c dig\uff09\u9032\u884c\u5167\u90e8\u7db2\u8def\u5730\u5716\u7e6a\u88fd\u3002<\/li>\n\n\n\n<li><strong>\u6191\u8b49\u63d0\u53d6<\/strong>\uff1a\u90e8\u7f72\u5982 <strong>DRYHOOK<\/strong> \u7684\u8173\u672c\uff0c\u5f9e\u6703\u8a71\u5feb\u53d6\u548c\u76ee\u9304\u4e2d\u63d0\u53d6\u654f\u611f\u8cc7\u6599\u3002<\/li>\n\n\n\n<li><strong>\u6a6b\u5411\u79fb\u52d5<\/strong>\uff1a\u5229\u7528 LDAP \u670d\u52d9\u5e33\u6236\u9032\u884c\u67e5\u8a62\uff0c\u4e26\u901a\u904e SMB \u6216 RDP \u653b\u64ca\u5167\u90e8\u7db2\u8def\u4e2d\u7684\u5176\u4ed6\u7cfb\u7d71\u3002<\/li>\n<\/ul>\n\n\n\n<p>Mandiant \u9084\u767c\u73fe\u653b\u64ca\u8005\u4f7f\u7528\u516c\u958b\u53ef\u7528\u7684\u96a7\u9053\u5de5\u5177\uff08\u5982 <strong>SPAWNMOLE<\/strong>\uff09\u9032\u884c\u6307\u63ee\u8207\u63a7\u5236\uff08C2\uff09\u901a\u4fe1\u3002\u5a01\u8105\u884c\u70ba\u8005\u7684\u9ad8\u5ea6\u8907\u96dc\u6027\u9ad4\u73fe\u5728\u5176\u7cfb\u7d71\u6027\u522a\u9664\u65e5\u8a8c\u75d5\u8de1\u7684\u80fd\u529b\u4e0a\uff0c\u5305\u62ec\u6838\u5fc3\u8a0a\u606f\u3001\u5d29\u6f70\u8a18\u9304\u548c\u547d\u4ee4\u6b77\u53f2\u8a18\u9304\u3002<\/p>\n\n\n\n<p><strong>\u6230\u7565\u5f71\u97ff<\/strong><\/p>\n\n\n\n<p><a href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2025\/01\/08\/ivanti-releases-security-updates-connect-secure-policy-secure-and-zta-gateways\">\u7f8e\u570b\u7db2\u8def\u5b89\u5168\u8207\u57fa\u790e\u8a2d\u65bd\u5b89\u5168\u5c40<\/a>\uff08CISA\uff09\u5df2\u5c07 <strong>CVE-2025-0282<\/strong> \u5217\u5165\u300c\u5df2\u77e5\u88ab\u5229\u7528\u6f0f\u6d1e\u76ee\u9304\u300d\uff08KEV\uff09\uff0c\u8981\u6c42\u806f\u90a6\u6a5f\u69cb\u5728 <strong>2025 <\/strong><strong>\u5e74 1 <\/strong><strong>\u6708 15 <\/strong><strong>\u65e5<\/strong> \u4e4b\u524d\u5b8c\u6210\u4fee\u88dc\u3002CISA \u547c\u7c72\u6240\u6709\u7d44\u7e54\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u7acb\u5373\u5347\u7d1a\u53d7\u5f71\u97ff\u7684 Ivanti \u7522\u54c1\u7248\u672c\u3002<\/li>\n\n\n\n<li>\u641c\u7d22\u74b0\u5883\u4e2d\u662f\u5426\u5b58\u5728\u88ab\u653b\u64ca\u7684\u8de1\u8c61\uff0c\u5305\u62ec\u7570\u5e38\u6d3b\u52d5\u65e5\u8a8c\u548c\u672a\u7d93\u6388\u6b0a\u7684\u8173\u672c\u3002<\/li>\n\n\n\n<li>\u5831\u544a\u4efb\u4f55\u4e8b\u4ef6\u4e26\u5347\u7d1a\u53d7\u611f\u67d3\u7cfb\u7d71\u4ee5\u9032\u884c\u6df1\u5165\u53d6\u8b49\u5206\u6790\u3002<\/li>\n<\/ul>\n\n\n\n<p><strong>\u5efa\u8b70<\/strong><\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li><strong>\u4fee\u88dc\u7ba1\u7406<\/strong>\uff1a\u8fc5\u901f\u61c9\u7528\u4fee\u88dc\u7a0b\u5f0f\u4e26\u6e2c\u8a66\u4fee\u5fa9\u6548\u679c\u3002<\/li>\n\n\n\n<li><strong>\u52a0\u5f37\u76e3\u63a7<\/strong>\uff1a\u90e8\u7f72\u5de5\u5177\u76e3\u63a7 SELinux \u6216 syslog \u7684\u7570\u5e38\u884c\u70ba\u3002<\/li>\n\n\n\n<li><strong>\u65e5\u8a8c\u5206\u6790<\/strong>\uff1a\u56de\u9867\u65e5\u8a8c\u6a94\u6848\uff0c\u641c\u5c0b\u5229\u7528\u6b65\u9a5f\u7684\u8b49\u64da\uff08\u4f8b\u5982 SELinux \u8b8a\u66f4\u6216\u53ef\u57f7\u884c\u6a94\u6848\u88ab\u4fee\u6539\uff09\u3002<\/li>\n\n\n\n<li><strong>\u7db2\u8def\u5206\u6bb5<\/strong>\uff1a\u9694\u96e2 Ivanti \u8a2d\u5099\uff0c\u6e1b\u5c11\u5c0d\u654f\u611f\u8cc7\u6e90\u7684\u6f5b\u5728\u5f71\u97ff\uff0c\u4e26\u5be6\u65bd\u6700\u5c0f\u6b0a\u9650\u539f\u5247\u3002<\/li>\n\n\n\n<li><strong>\u4e8b\u4ef6\u56de\u61c9<\/strong>\uff1a\u5236\u5b9a\u4e26\u6e2c\u8a66\u91dd\u5c0d\u52d2\u7d22\u8edf\u9ad4\u548c\u7db2\u9801\u5f8c\u9580\u90e8\u7f72\u7684\u4e8b\u4ef6\u56de\u61c9\u8a08\u756b\u3002<\/li>\n<\/ol>\n\n\n\n<p>\u9452\u65bc\u6b64\u6b21\u653b\u64ca\u7684\u6301\u4e45\u6027\uff0c\u512a\u5148\u89e3\u6c7a\u9019\u4e9b\u6f0f\u6d1e\u662f\u4fdd\u8b77\u95dc\u9375\u57fa\u790e\u8a2d\u65bd\u514d\u53d7\u9032\u4e00\u6b65\u5a01\u8105\u7684\u95dc\u9375\u63aa\u65bd\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p># CVE-2025-0282 # CVE-2025-0283 \u6982\u8ff01 \u6708 8 \u65e5Ivanti \u767c\u5e03\u91cd\u8981\u516c\u544a\uff0c <a class=\"read-more\" href=\"https:\/\/blog.billows.com.tw\/?p=3537\">READ MORE<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[174],"class_list":["post-3537","post","type-post","status-publish","format-standard","hentry","category-6","tag-news"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/3537","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3537"}],"version-history":[{"count":2,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/3537\/revisions"}],"predecessor-version":[{"id":3540,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/3537\/revisions\/3540"}],"wp:attachment":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3537"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3537"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3537"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}