{"id":3369,"date":"2024-10-11T13:53:38","date_gmt":"2024-10-11T05:53:38","guid":{"rendered":"https:\/\/blog.billows.com.tw\/?p=3369"},"modified":"2024-10-11T13:55:06","modified_gmt":"2024-10-11T05:55:06","slug":"cisa-%e8%ad%a6%e5%91%8a-fortinet-%e9%97%9c%e9%8d%b5%e6%bc%8f%e6%b4%9e%e5%9c%a8%e6%94%bb%e6%93%8a%e4%b8%ad%e8%a2%ab%e5%88%a9%e7%94%a8%ef%bc%8cpalo-alto-%e5%8f%8a-cisco-%e4%b9%9f%e6%8f%ad%e9%9c%b2","status":"publish","type":"post","link":"https:\/\/blog.billows.com.tw\/?p=3369","title":{"rendered":"CISA \u8b66\u544a Fortinet \u95dc\u9375\u6f0f\u6d1e\u5728\u653b\u64ca\u4e2d\u88ab\u5229\u7528\uff0cPalo Alto \u53ca Cisco \u4e5f\u63ed\u9732\u91cd\u5927\u5b89\u5168\u6027\u6f0f\u6d1e"},"content":{"rendered":"\n

Fortinet \u7684\u9060\u7aef\u7a0b\u5f0f\u57f7\u884c (RCE) \u6f0f\u6d1e\u88ab\u7db2\u8def\u653b\u64ca\u8005\u5229\u7528<\/p>\n\n\n\n

\"\"
Photo Credit: The Hacker News<\/figcaption><\/figure>\n\n\n\n

10\/9 (\u9031\u4e09) \u7f8e\u570b\u7db2\u8def\u5b89\u5168\u66a8\u57fa\u790e\u8a2d\u65bd\u5b89\u5168\u5c40 CISA \u767c\u51fa\u516c\u544a\uff0c\u99ed\u5ba2\u6b63\u5728\u7a4d\u6975\u5229\u7528 FortiOS \u4f5c\u696d\u7cfb\u7d71\u4e2d\u4e00\u500b\u56b4\u91cd\u7684\u9060\u7aef\u7a0b\u5f0f\u57f7\u884c (RCE) \u6f0f\u6d1e\u3002<\/p>\n\n\n\n

\u9019\u500b\u6f0f\u6d1e\uff08CVE-2024-23113\uff09\u662f\u7531\u65bc fgfmd \u5e38\u99d0\u7a0b\u5f0f\u63a5\u53d7\u4e86\u5916\u90e8\u63a7\u5236\u7684\u683c\u5f0f\u5b57\u4e32\u4f5c\u70ba\u5f15\u6578 (argument) \u6240\u5f15\u767c\uff0c\u8b93\u672a\u7d93\u6388\u6b0a\u7684\u7db2\u8def\u5a01\u8105\u8005\u53ef\u4ee5\u5728\u672a\u4f5c\u7a0b\u5f0f\u4fee\u88dc\u7684\u8a2d\u5099\u4e0a\u57f7\u884c\u6307\u4ee4\u6216\u4efb\u610f\u7a0b\u5f0f\u78bc (arbitrary code)\u3002\u9019\u985e\u653b\u64ca\u7684\u8907\u96dc\u6027\u8f03\u4f4e\uff0c\u4e14\u4e0d\u9700\u8981\u8207\u4f7f\u7528\u8005\u4e92\u52d5\u3002<\/p>\n\n\n\n

CVE-2024-23113 \u6f0f\u6d1e\u5f71\u97ff\u5230 FortiOS 7.0 \u53ca\u5176\u5f8c\u7684\u7248\u672c\u3001FortiPAM 1.0 \u53ca\u66f4\u9ad8\u968e\u7248\u672c\u3001FortiProxy 7.0 \u53ca\u4ee5\u4e0a\u7248\u672c\uff0c\u9084\u6709 FortiWeb 7.4 \u7248\u672c\u3002<\/p>\n\n\n\n

Fortinet (\u7f8e\u570b\u7db2\u8def\u5b89\u5168\u516c\u53f8) \u65bc\u4eca\u5e74\u4e8c\u6708\u4efd\u63ed\u9732\u4e26\u4fee\u88dc\u4e86\u9019\u500b\u5b89\u5168\u6f0f\u6d1e\uff0c\u7576\u6642\u5efa\u8b70\u7db2\u8def\u7ba1\u7406\u8005\u79fb\u9664\u6240\u6709\u4ecb\u9762\u4e2d\u5c0d fgfmd \u5e38\u99d0\u7a0b\u5f0f\u7684\u5b58\u53d6\uff0c\u4f86\u4f5c\u70ba\u4e00\u7a2e\u7de9\u89e3\u63aa\u65bd\uff0c\u85c9\u4ee5\u963b\u64cb\u6f5b\u5728\u7684\u653b\u64ca\u884c\u70ba\u3002<\/p>\n\n\n\n

\u8a72\u516c\u53f8\u4e5f\u5efa\u8b70\u9053\uff0c\u300c\u53e6\u5916\u9700\u6ce8\u610f\u7684\u662f\uff0c\u50c5\u5141\u8a31\u7279\u5b9a IP \u8207 FGFM \u9023\u63a5\u7684\u5340\u57df\u6027\u7b56\u7565\u96d6\u7136\u53ef\u4ee5\u6e1b\u5c11\u653b\u64ca\u5c64\u9762\uff0c\u4e0d\u904e\u9084\u662f\u7121\u6cd5\u5b8c\u5168\u9632\u6b62\u9019\u500b\u6f0f\u6d1e\u5f9e\u8a72 IP \u88ab\u5229\u7528\u3002\u56e0\u6b64\uff0c\u9019\u50c5\u80fd\u4f5c\u70ba\u4e00\u7a2e\u7de9\u89e3\u63aa\u65bd\uff0c\u4e26\u4e0d\u662f\u5b8c\u5099\u7684\u89e3\u6c7a\u65b9\u6848\u3002\u300d<\/p>\n\n\n\n

\u5118\u7ba1 Fortinet \u5c1a\u672a\u66f4\u65b0\u5176\u4e8c\u6708\u7684\u516c\u544a\u4e26\u78ba\u8a8d CVE-2024-23113 \u6f0f\u6d1e\u906d\u5230\u5229\u7528\uff0cCISA \u5df2\u65bc10\/ 9 (\u9031\u4e09) \u5c07\u6b64\u6f0f\u6d1e\u65b0\u589e\u5230\u300c\u5df2\u77e5\u88ab\u5229\u7528\u6f0f\u6d1e\u76ee\u9304\u300d\u4e4b\u4e2d\u3002<\/p>\n\n\n\n

\u7f8e\u570b\u806f\u90a6\u6a5f\u69cb\u73fe\u5728\u4e5f\u88ab\u8981\u6c42\u5728\u4e09\u9031\u5167\uff08\u5373 10 \u6708 30 \u65e5\u4e4b\u524d\uff09\u78ba\u4fdd\u5176\u7db2\u8def\u4e2d\u7684 FortiOS \u8a2d\u5099\u5b89\u5168\u7121\u865e\uff0c\u4ee5\u9632\u7bc4\u9019\u4e9b\u6301\u7e8c\u6027\u7684\u653b\u64ca\uff0c\u9019\u662f\u6839\u64da 2021 \u5e74 11 \u6708\u767c\u4f48\u7684\u5f37\u5236\u547d\u4ee4 (BOD 22-01) \u6240\u8981\u6c42\u7684\u3002<\/p>\n\n\n\n

CISA \u8b66\u544a\u9053\uff0c\u300c\u9019\u985e\u578b\u7684\u6f0f\u6d1e\u7d93\u5e38\u662f\u60e1\u610f\u7db2\u7d61\u653b\u64ca\u8005\u7684\u653b\u64ca\u5411\u91cf (attack vector)\uff0c\u4e26\u4e14\u5c0d\u806f\u90a6\u6a5f\u69cb\u9020\u6210\u91cd\u5927\u98a8\u96aa\u3002\u300d<\/p>\n\n\n\n

\u8377\u862d\u8ecd\u4e8b\u60c5\u5831\u548c\u5b89\u5168\u5c40 (MIVD) \u5728\u4eca\u5e74 6 \u6708\u8b66\u544a\u7a31\uff0c\u4e2d\u570b\u99ed\u5ba2\u5728 2022 \u5e74\u81f3 2023 \u5e74\u671f\u9593\u5229\u7528\u53e6\u4e00\u500b FortiOS \u56b4\u91cd\u7684 RCE \u6f0f\u6d1e (CVE-2022-42475) \u767c\u52d5\u653b\u64ca\uff0c\u690d\u5165\u60e1\u610f\u8edf\u9ad4\u4e26\u4e14\u611f\u67d3\u4e86\u81f3\u5c11 20,000 \u53f0 FortiGate \u7db2\u7d61\u5b89\u5168\u8a2d\u5099\u3002<\/p>\n\n\n\n

Palo Alto Networks <\/strong>\u63ed\u9732 Expedition <\/strong>\u4e2d\u7684\u56b4\u91cd\u6f0f\u6d1e<\/strong><\/p>\n\n\n\n

\u6b64\u5916\uff0c\u7db2\u8def\u5b89\u5168\u516c\u53f8 Palo Alto Networks \u4e5f\u516c\u4f48\u4e86\u5176 Expedition \u8edf\u9ad4\u4e2d\u7684\u591a\u500b\u5b89\u5168\u6f0f\u6d1e\uff0c\u9019\u4e9b\u6f0f\u6d1e\u53ef\u4ee5\u5141\u8a31\u653b\u64ca\u8005\u8b80\u53d6\u8cc7\u6599\u5eab\u5167\u5bb9\u8207\u4efb\u610f\u6a94\u6848 (arbitrary files)\uff0c\u4e26\u5c07\u4efb\u610f\u6a94\u6848\u5beb\u5165\u7cfb\u7d71\u7684\u81e8\u6642\u5132\u5b58\u4f4d\u7f6e\u3002<\/p>\n\n\n\n

Palo Alto Networks \u5728\u9031\u4e09 (10\/ 9) \u7684\u8b66\u544a\u4e2d\u8868\u793a\uff0c\u300c\u9019\u4e9b\u6f0f\u6d1e\u53ef\u80fd\u6d29\u9732\u5305\u62ec\u4f7f\u7528\u8005\u540d\u7a31\u3001\u660e\u6587\u5bc6\u78bc\u3001\u88dd\u7f6e\u7d44\u614b\u548c PAN-OS \u9632\u706b\u7246\u7684 API \u91d1\u9470\u7b49\u8cc7\u8a0a\u3002\u300d<\/p>\n\n\n\n

\u5f71\u97ff Expedition 1.2.96 \u4e4b\u524d\u6240\u6709\u7248\u672c\u7684\u6f0f\u6d1e\u5305\u62ec\u6709\uff1aCVE-2024-9463\uff08CVSS \u8a55\u5206\uff1a9.9\uff09\u3001CVE-2024-9464\uff08CVSS \u8a55\u5206\uff1a9.3\uff09\u3001CVE-2024-9465\uff08CVSS \u8a55\u5206\uff1a9.2\uff09\u3001CVE-2024-9466\uff08CVSS \u8a55\u5206\uff1a8.2\uff09\u3001CVE-2024-9467\uff08CVSS \u8a55\u5206\uff1a7.0\uff09\u3002<\/p>\n\n\n\n

Cisco <\/strong>\u4fee\u5fa9 Nexus Dashboard Fabric Controller <\/strong>\u6f0f\u6d1e<\/strong><\/p>\n\n\n\n

\u4e0a\u9031\uff0cCisco (\u601d\u79d1) \u91cb\u51fa\u4e86\u4fee\u88dc\u7a0b\u5f0f\uff0c\u4fee\u5fa9 Nexus Dashboard Fabric Controller (NDFC) \u7db2\u8def\u7ba1\u7406\u5e73\u53f0\u4e4b\u4e2d\u4e00\u500b\u56b4\u91cd\u7684\u6307\u4ee4\u57f7\u884c\u6f0f\u6d1e\u3002\u8a72\u6f0f\u6d1e\u662f\u7531\u65bc\u4e0d\u7576\u7684\u4f7f\u7528\u8005\u6388\u6b0a\u548c\u6307\u4ee4\u5f15\u6578\u7684\u9a57\u8b49\u4e0d\u8db3\u6240\u5c0e\u81f4\u3002<\/p>\n\n\n\n

\u8a72\u6f0f\u6d1e\u7de8\u865f\u70ba CVE-2024-20432\uff0cCVSS \u8a55\u5206\u70ba 9.9\uff0c\u5b83\u5141\u8a31\u901a\u904e\u9a57\u8b49\u7684\u4f4e\u6b0a\u9650\u9060\u7aef\u653b\u64ca\u8005\u5c0d\u53d7\u5f71\u97ff\u7684\u8a2d\u5099\u9032\u884c\u6307\u4ee4\u6ce8\u5165\u653b\u64ca\u3002\u6b64\u6f0f\u6d1e\u5df2\u5728 NDFC 12.2.2 \u7248\u672c\u4e2d\u4fee\u5fa9\u3002\u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c11.5 \u53ca\u66f4\u65e9\u7684\u7248\u672c\u4e26\u672a\u53d7\u5230\u8a72\u6f0f\u6d1e\u5f71\u97ff\u3002<\/p>\n\n\n\n

Fortinet \u5b89\u5168\u6027\u6f0f\u6d1e\u76f8\u95dc\u7684\u90e8\u5206\u7684\u5165\u4fb5\u6307\u6a19\uff08IOCs\uff09:<\/p>\n\n\n\n

0f76936e237bd87dfa2378106099a673<\/td><\/tr>
1079d416e093ba40aa9e95a4c2a5b61f<\/td><\/tr>
129ba90886c5f5eb0c81d901ad10c622<\/td><\/tr>
1b7aee68f384e252286559abc32e6dd1<\/td><\/tr>
1d89b48548ea1ddf0337741ebdb89d92<\/td><\/tr>
2716c60c28cf7f7568f55ac33313468b<\/td><\/tr>
2bade2a5ec166d3a226761f78711ce2f<\/td><\/tr>
2c28ec2d541f555b2838099ca849f965<\/td><\/tr>
381b7a2a6d581e3482c829bfb542a7de<\/td><\/tr>
3a8a60416b7b0e1aa5d17eefb0a45a16<\/td><\/tr><\/tbody><\/table><\/figure>\n","protected":false},"excerpt":{"rendered":"

Fortinet \u7684\u9060\u7aef\u7a0b\u5f0f\u57f7\u884c (RCE) \u6f0f\u6d1e\u88ab\u7db2\u8def\u653b\u64ca\u8005\u5229\u7528 10\/9 (\u9031\u4e09) \u7f8e\u570b\u7db2\u8def\u5b89\u5168\u66a8\u57fa\u790e\u8a2d\u65bd READ MORE<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[183,174],"class_list":["post-3369","post","type-post","status-publish","format-standard","hentry","category-6","tag-iocs","tag-news"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/3369","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3369"}],"version-history":[{"count":1,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/3369\/revisions"}],"predecessor-version":[{"id":3371,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/3369\/revisions\/3371"}],"wp:attachment":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3369"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3369"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3369"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}