Critical vulnerabilities in Ivanti VPN products; exploitation in attacks reportedly confirmed in Japan as well
On January 12 (US time), Mandiant (Google Cloud) reported in "Cutting Edge: Suspected APT Targets Ivanti Connect Secure VPN in New Zero-Day Exploitation｜Mandiant" that two new zero-day vulnerabilities in Ivanti's VPN products "Ivanti Connect Secure VPN" and "Ivanti Policy Secure" have been exploited.
Cutting Edge: Suspected APT Targets Ivanti Connect Secure VPN in New Zero-Day Exploitation¡ÃMandiant
○ Overview of the discovered vulnerabilities
The exploited vulnerabilities are "CVE-2023-46805" and "CVE-2024-21887", rated Critical and Important in severity, respectively. If exploited, they allow authentication to be bypassed and arbitrary commands to be executed through command injection.
○ Overview of the attacks on Ivanti VPN products
According to Mandiant, these vulnerabilities have been exploited since around December 2023 by a threat actor suspected of espionage activity. The threat actor is currently tracked as "UNC5221". By exploiting the vulnerabilities, the actor deployed five pieces of malware on compromised systems and is said to have used them to build backdoors that allow access to the systems while evading authentication. Mandiant has identified and successfully analyzed this malware.
The developer, Ivanti, is handling the matter in cooperation with Mandiant, affected customers, government agencies, and Volexity, and has published its investigation findings and upcoming schedule (reference: "CVE-2023-46805 (Authentication Bypass) & CVE-2024-21887 (Command Injection) for Ivanti Connect Secure and Ivanti Policy Secure Gateways").
According to the published information, the affected products and versions are as follows.
Ivanti Connect Secure VPN versions 9.x and 22.x
Ivanti Policy Secure
Volexity, the cybersecurity firm that discovered and reported the exploitation of these vulnerabilities, has published details of the attacks, indicators of compromise (IoCs), and Yara rules (Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN | Volexity). Volexity notes that the threat actor behind the attacks may be "UTA0178", a group receiving Chinese state support.
○ Countermeasures
Ivanti has released a tool for checking whether an appliance has been compromised and is providing mitigations to avoid the impact, and it recommends that customers using the affected products take action immediately (reference: "KB CVE-2023-46805 (Authentication Bypass) & CVE-2024-21887 (Command Injection) for Ivanti Connect Secure and Ivanti Policy Secure Gateways"). Ivanti also plans to release interim patches from January 22 onward and final patches from February 19 onward.
○ Exploitation confirmed in Japan as well
IPA, citing information that attacks believed to exploit these vulnerabilities have been observed in Japan, is urging organizations to consider countermeasures (reference: "On countermeasures for vulnerabilities in Ivanti Connect Secure (formerly Pulse Connect Secure) and Ivanti Policy Secure Gateways (CVE-2023-46805 etc.)").