ET WEB_SPECIFIC_APPS Ivanti Connect Secure Host Checker Recon (CVE-2025-0282)

SID: 2059095Rev: 199 viewsHistory

Sourceet/open

CreatedJanuary 9, 2025

UpdatedJanuary 9, 2025

Classificationweb-application-activity

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Ivanti Connect Secure Host Checker Recon (CVE-2025-0282)"; flow:established,to_server; http.uri; content:"/dana-cached/hc/hc_launcher"; fast_pattern; pcre:"/^\x2e(?:\d+\x2e){4}jar/R"; reference:url,cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-day; reference:cve,2025-0282; classtype:web-application-activity; sid:2059095; rev:1; metadata:affected_product Ivanti, attack_target Server, tls_state TLSDecrypt, created_at 2025_01_09, cve CVE_2025_0282, deployment Perimeter, deployment Internal, deployment SSLDecrypt, confidence Low, signature_severity Major, tag CISA_KEV, updated_at 2025_01_09, mitre_tactic_id TA0043, mitre_tactic_name Reconnaissance, mitre_technique_id T1590, mitre_technique_name Gather_Victim_Network_Information; target:dest_ip;)

References

url	cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-day
cve	2025-0282

Metadata

affected productIvanti

attack targetServer

tls stateTLSDecrypt

created at2025_01_09

cveCVE-2025-0282

deploymentSSLDecrypt

confidenceLow

signature severityMajor

tagCISA_KEV

updated at2025_01_09

mitre tactic idTA0043

mitre tactic nameReconnaissance

mitre technique idT1590

mitre technique nameGather_Victim_Network_Information

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!