来源

关联漏洞

描述

Safely detect if an Ivanti server is vulnerable to CVE-2025-0282

介绍

# CVE-2025-0282-check

Safely detect if an Ivanti server is vulnerable to CVE-2025-0282. Refer to our [blog post](https://bishopfox.com/blog/analysis-and-scanner-for-ivanti-cve-2025-0282) for more details.

## Usage

```
./scan-cve-2025-0282.py <SCHEME://HOST[:PORT]>
```

If you don't specify the port, it will default to 443.

```
$ ./scan-cve-2025-0282.py https://192.168.50.208
https://192.168.50.208:443: Vulnerable

$ ./scan-cve-2025-0282.py https://192.168.50.135
https://192.168.50.135:443: Patched

$ ./scan-cve-2025-0282.py https://192.168.50.47
https://192.168.50.47:443: Version 9.1.12.6427 is not affected
```

Use `parallel` to scan multiple targets in one go. Put each target on a separate line and save it to `targets.txt`, then run the following (`-j` controls how many threads are run in parallel):

```
$ cat targets.txt | parallel -j 10 './scan-cve-2025-0282.py {}'
https://192.168.50.208:443: Vulnerable
https://192.168.50.135:443: Patched
https://192.168.50.47:443: Version 9.1.12.6427 is not affected
```

## How it works

Patched systems restrict the size of multiple fields in the clientInfo string, even though CVE-2025-0282 can only be triggered through clientCapabilties. As a result, we can just look for an error response when validation fails on a patched system. Patched systems return an ERROR, and unpatched systems will timeout waiting for the client to perform EAP authentication.

文件快照

 [4.0K]  /data/pocs/4effed4b1f566cf3540a6e401394061cf03a1667
├── [ 34K]  LICENSE
├── [1.4K]  README.md
└── [3.6K]  scan-cve-2025-0282.py

0 directories, 3 files

备注