Fortinet FortiOS¤Ë¶ÛµÞ¤ÎÀȼåÀ¡¢³Îǧ¤ÈÂкö¤ò
Fortinet¤Ï2·î8Æü(Êƹñ»þ´Ö)¡¢¡ÖPSIRT¡ÃFortiGuard¡×¤Ë¤ª¤¤¤Æ¡¢Æ±¼Ò¤Î¥Í¥Ã¥È¥ï¡¼¥¯OS¡ÖFortiOS¡×¤Ë¶³¦³°½ñ¤¹þ¤ß¤ÎÀȼåÀ¤¬Â¸ºß¤¹¤ë¤Èȯɽ¤·¤¿¡£¤³¤ÎÀȼåÀ¤ò°ÍѤµ¤ì¤ë¤È¡¢¥ê¥â¡¼¥È¤Îǧ¾Ú¤µ¤ì¤Æ¤¤¤Ê¤¤¹¶·â¼Ô¤Ë¤è¤êǤ°Õ¤Î¥³¡¼¥É¤ò¼Â¹Ô¤µ¤ì¤ë²ÄǽÀ¤¬¤¢¤ë¡£¤³¤ÎÀȼåÀ¤Ï°ÍѤµ¤ì¤ë²ÄǽÀ¤¬¤¢¤ë¤È»ØŦ¤µ¤ì¤Æ¤ª¤êÃí°Õ¤¬É¬Íס£¾ðÊó½èÍý¿ä¿Êµ¡¹½(IPA: Information-technology Promotion Agency, Japan)¤ª¤è¤ÓJPCERT¥³¡¼¥Ç¥£¥Í¡¼¥·¥ç¥ó¥»¥ó¥¿¡¼(JPCERT/CC: Japan Computer Emergency Response Team Coordination Center)¤â¼¡¤Î¤È¤ª¤ê·Ù²ü¤ò¸Æ¤Ó¤«¤±¤Æ¤¤¤ë¡£
Fortinet À½ FortiOS SSL VPN ¤ÎÀȼåÀÂкö¤Ë¤Ä¤¤¤Æ(CVE-2024-21762) | ¾ðÊ󥻥¥å¥ê¥Æ¥£ | IPA ÆÈΩ¹ÔÀ¯Ë¡¿Í ¾ðÊó½èÍý¿ä¿Êµ¡¹½
FortinetÀ½FortiOS¤Î¶°è³°½ñ¤¹þ¤ß¤ÎÀȼåÀ¡ÊCVE-2024-21762¡Ë¤Ë´Ø¤¹¤ëÃí°Õ´µ¯
PSIRT¡ÃFortiGuard
¡ûÀȼåÀ¤Î±Æ¶Á¤ò¼õ¤±¤ëÀ½ÉʤȽ¤Àµ¥Ð¡¼¥¸¥ç¥ó
ÀȼåÀ¤Î±Æ¶Á¤ò¼õ¤±¤ë¤È¤µ¤ì¤ëÀ½Éʤª¤è¤Ó¥Ð¡¼¥¸¥ç¥ó¤Ï¼¡¤Î¤È¤ª¤ê¡£
FortiOS 7.4.0¤«¤é7.4.2¤Þ¤Ç¤Î¥Ð¡¼¥¸¥ç¥ó
FortiOS 7.2.0¤«¤é7.2.6¤Þ¤Ç¤Î¥Ð¡¼¥¸¥ç¥ó
FortiOS 7.0.0¤«¤é7.0.13¤Þ¤Ç¤Î¥Ð¡¼¥¸¥ç¥ó
FortiOS 6.4.0¤«¤é6.4.14¤Þ¤Ç¤Î¥Ð¡¼¥¸¥ç¥ó
FortiOS 6.2.0¤«¤é6.2.15¤Þ¤Ç¤Î¥Ð¡¼¥¸¥ç¥ó
FortiOS 6.0¤Î¤¹¤Ù¤Æ¤Î¥Ð¡¼¥¸¥ç¥ó
ÀȼåÀ¤ò½¤Àµ¤·¤¿À½Éʤª¤è¤Ó¥Ð¡¼¥¸¥ç¥ó¤Ï¼¡¤Î¤È¤ª¤ê¡£
FortiOS 7.4.3¤Þ¤¿¤Ï¤³¤ì°Ê¹ß¤Î¥Ð¡¼¥¸¥ç¥ó
FortiOS 7.2.7¤Þ¤¿¤Ï¤³¤ì°Ê¹ß¤Î¥Ð¡¼¥¸¥ç¥ó
FortiOS 7.0.14¤Þ¤¿¤Ï¤³¤ì°Ê¹ß¤Î¥Ð¡¼¥¸¥ç¥ó
FortiOS 6.4.15¤Þ¤¿¤Ï¤³¤ì°Ê¹ß¤Î¥Ð¡¼¥¸¥ç¥ó
FortiOS 6.2.16¤Þ¤¿¤Ï¤³¤ì°Ê¹ß¤Î¥Ð¡¼¥¸¥ç¥ó
FortiOS 6.0·ÏÅý¤Ï½¤Àµ¥Ð¡¼¥¸¥ç¥ó¤Ø¤Î¥¢¥Ã¥×¥°¥ì¡¼¥É¤¬¿ä¾©¤µ¤ì¤Æ¤¤¤ë¡£¤Þ¤¿¡¢FortiOS 7.6·ÏÅý¤Ï¤³¤Î¥»¥¥å¥ê¥Æ¥£ÀȼåÀ¤Î±Æ¶Á¤ò¼õ¤±¤Ê¤¤¤È¤µ¤ì¤ë¡£À½ÉʤΥ¢¥Ã¥×¥Ç¡¼¥È¤Ï¡Ödocs.fortinet.com/upgrade-tool¡×¤Ë½¾¤¤¼Â»Ü¤¹¤ë¤³¤È¤¬¿ä¾©¤µ¤ì¤Æ¤¤¤ë¡£
¡ûÀȼåÀ¤Î¾ðÊ󤪤è¤Ó²óÈòºö
½¤Àµ¤µ¤ì¤¿ÀȼåÀ¤Î¾ðÊó¤Ï¼¡¤Î¤È¤ª¤ê¡£
CVE-2024-21762 - ¶³¦³°½ñ¤¹þ¤ß¤ÎÀȼåÀ¡£¹¶·â¼Ô¤¬ÆÃÊ̤˺ٹ©¤·¤¿HTTP¥ê¥¯¥¨¥¹¥È¤ò»ÈÍѤ¹¤ë¤³¤È¤Ç¥ê¥â¡¼¥È¤«¤éÉÔÀµ¤Ê¥³¡¼¥É¤ä¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ë²ÄǽÀ¤¬¤¢¤ë
Fortinet¤Ï¥¢¥Ã¥×¥Ç¡¼¥È¤ò¼Â»Ü¤Ç¤¤Ê¤¤¾ì¹ç¡¢²óÈòºö¤È¤·¤ÆSSL VPN¤ò̵¸ú¤Ë¤¹¤ë¤³¤È¤ò¿ä¾©¤·¤Æ¤¤¤ë¡£¤Ê¤ª¡¢Web¥â¡¼¥É¤ò̵¸ú¤Ë¤¹¤ë¤³¤È¤Ï͸ú¤Ê²óÈòºö¤Ë¤Ê¤é¤Ê¤¤¡£
¡û±Æ¶Á
The Hacker News¤Ï2·î9Æü(¸½ÃÏ»þ´Ö)¡¢¡ÖFortinet Warns of Critical FortiOS SSL VPN Flaw Likely Under Active Exploitation¡×¤Ë¤ª¤¤¤Æ¡¢¤³¤ÎÀȼåÀ¤¬°ÍѤµ¤ì¤Æ¤¤¤ë²ÄǽÀ¤¬¤¢¤ë¤È¤·¤ÆÃí°Õ´µ¯¤·¤¿¡£Ãæ¹ñ¤¬»Ù±ç¤·¤Æ¤¤¤ë¤È¤ß¤é¤ì¤ë¶¼°Ò¥°¥ë¡¼¥×¡ÖVolt Typhoon¡×¤Ê¤É¤Ï¤³¤ì¤Þ¤Ç¤âÉý¹¤¤¥Þ¥ë¥¦¥§¥¢¤òŸ³«¤¹¤ë¤¿¤á¤Ë¡¢Fortinet¥¢¥×¥é¥¤¥¢¥ó¥¹¤Î¤µ¤Þ¤¶¤Þ¤ÊÀȼåÀ¤ò½é´ü¥¢¥¯¥»¥¹¤Ë°ÍѤ·¤Æ¤¤¤ë¤È»ØŦ¤µ¤ì¤Æ¤¤¤ë¡£
¤Þ¤¿¡¢ÊƹñÅÚ°ÂÁ´Êݾã¾Ê¥µ¥¤¥Ð¡¼¥»¥¥å¥ê¥Æ¥£¡¦¥¤¥ó¥Õ¥é¥¹¥È¥é¥¯¥Á¥ã¡¼¥»¥¥å¥ê¥Æ¥£Ä£(CISA: Cybersecurity and Infrastructure Security Agency)¤â2·î9Æü(Êƹñ»þ´Ö)¡¢¡ÖCISA Adds One Known Exploited Vulnerability to Catalog | CISA¡×¤Ë¤ª¤¤¤Æ¡¢¤³¤ÎÀȼåÀ(CVE-2024-21762)¤¬³èȯ¤Ê°ÍѤ˻ÈÍѤµ¤ì¤¿¤È¤·¤Æ´ûÃΤÎÀȼåÀ¥«¥¿¥í¥°¤ËÄɲᣴë¶È¤Ë½ÅÂç¤Ê¥ê¥¹¥¯¤ò¤â¤¿¤é¤¹¤È·Ù¹ð¤·¡¢Â®¤ä¤«¤ÊÂкö¤òµá¤á¤Æ¤¤¤ë¡£
FortinetÀ½FortiOS¤Î¶°è³°½ñ¤¹þ¤ß¤ÎÀȼåÀ¡ÊCVE-2024-21762¡Ë¤Ë´Ø¤¹¤ëÃí°Õ´µ¯
PSIRT¡ÃFortiGuard
¡ûÀȼåÀ¤Î±Æ¶Á¤ò¼õ¤±¤ëÀ½ÉʤȽ¤Àµ¥Ð¡¼¥¸¥ç¥ó
ÀȼåÀ¤Î±Æ¶Á¤ò¼õ¤±¤ë¤È¤µ¤ì¤ëÀ½Éʤª¤è¤Ó¥Ð¡¼¥¸¥ç¥ó¤Ï¼¡¤Î¤È¤ª¤ê¡£
FortiOS 7.4.0¤«¤é7.4.2¤Þ¤Ç¤Î¥Ð¡¼¥¸¥ç¥ó
FortiOS 7.2.0¤«¤é7.2.6¤Þ¤Ç¤Î¥Ð¡¼¥¸¥ç¥ó
FortiOS 7.0.0¤«¤é7.0.13¤Þ¤Ç¤Î¥Ð¡¼¥¸¥ç¥ó
FortiOS 6.4.0¤«¤é6.4.14¤Þ¤Ç¤Î¥Ð¡¼¥¸¥ç¥ó
FortiOS 6.2.0¤«¤é6.2.15¤Þ¤Ç¤Î¥Ð¡¼¥¸¥ç¥ó
FortiOS 6.0¤Î¤¹¤Ù¤Æ¤Î¥Ð¡¼¥¸¥ç¥ó
ÀȼåÀ¤ò½¤Àµ¤·¤¿À½Éʤª¤è¤Ó¥Ð¡¼¥¸¥ç¥ó¤Ï¼¡¤Î¤È¤ª¤ê¡£
FortiOS 7.4.3¤Þ¤¿¤Ï¤³¤ì°Ê¹ß¤Î¥Ð¡¼¥¸¥ç¥ó
FortiOS 7.2.7¤Þ¤¿¤Ï¤³¤ì°Ê¹ß¤Î¥Ð¡¼¥¸¥ç¥ó
FortiOS 7.0.14¤Þ¤¿¤Ï¤³¤ì°Ê¹ß¤Î¥Ð¡¼¥¸¥ç¥ó
FortiOS 6.4.15¤Þ¤¿¤Ï¤³¤ì°Ê¹ß¤Î¥Ð¡¼¥¸¥ç¥ó
FortiOS 6.2.16¤Þ¤¿¤Ï¤³¤ì°Ê¹ß¤Î¥Ð¡¼¥¸¥ç¥ó
FortiOS 6.0·ÏÅý¤Ï½¤Àµ¥Ð¡¼¥¸¥ç¥ó¤Ø¤Î¥¢¥Ã¥×¥°¥ì¡¼¥É¤¬¿ä¾©¤µ¤ì¤Æ¤¤¤ë¡£¤Þ¤¿¡¢FortiOS 7.6·ÏÅý¤Ï¤³¤Î¥»¥¥å¥ê¥Æ¥£ÀȼåÀ¤Î±Æ¶Á¤ò¼õ¤±¤Ê¤¤¤È¤µ¤ì¤ë¡£À½ÉʤΥ¢¥Ã¥×¥Ç¡¼¥È¤Ï¡Ödocs.fortinet.com/upgrade-tool¡×¤Ë½¾¤¤¼Â»Ü¤¹¤ë¤³¤È¤¬¿ä¾©¤µ¤ì¤Æ¤¤¤ë¡£
¡ûÀȼåÀ¤Î¾ðÊ󤪤è¤Ó²óÈòºö
½¤Àµ¤µ¤ì¤¿ÀȼåÀ¤Î¾ðÊó¤Ï¼¡¤Î¤È¤ª¤ê¡£
CVE-2024-21762 - ¶³¦³°½ñ¤¹þ¤ß¤ÎÀȼåÀ¡£¹¶·â¼Ô¤¬ÆÃÊ̤˺ٹ©¤·¤¿HTTP¥ê¥¯¥¨¥¹¥È¤ò»ÈÍѤ¹¤ë¤³¤È¤Ç¥ê¥â¡¼¥È¤«¤éÉÔÀµ¤Ê¥³¡¼¥É¤ä¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ë²ÄǽÀ¤¬¤¢¤ë
Fortinet¤Ï¥¢¥Ã¥×¥Ç¡¼¥È¤ò¼Â»Ü¤Ç¤¤Ê¤¤¾ì¹ç¡¢²óÈòºö¤È¤·¤ÆSSL VPN¤ò̵¸ú¤Ë¤¹¤ë¤³¤È¤ò¿ä¾©¤·¤Æ¤¤¤ë¡£¤Ê¤ª¡¢Web¥â¡¼¥É¤ò̵¸ú¤Ë¤¹¤ë¤³¤È¤Ï͸ú¤Ê²óÈòºö¤Ë¤Ê¤é¤Ê¤¤¡£
¡û±Æ¶Á
The Hacker News¤Ï2·î9Æü(¸½ÃÏ»þ´Ö)¡¢¡ÖFortinet Warns of Critical FortiOS SSL VPN Flaw Likely Under Active Exploitation¡×¤Ë¤ª¤¤¤Æ¡¢¤³¤ÎÀȼåÀ¤¬°ÍѤµ¤ì¤Æ¤¤¤ë²ÄǽÀ¤¬¤¢¤ë¤È¤·¤ÆÃí°Õ´µ¯¤·¤¿¡£Ãæ¹ñ¤¬»Ù±ç¤·¤Æ¤¤¤ë¤È¤ß¤é¤ì¤ë¶¼°Ò¥°¥ë¡¼¥×¡ÖVolt Typhoon¡×¤Ê¤É¤Ï¤³¤ì¤Þ¤Ç¤âÉý¹¤¤¥Þ¥ë¥¦¥§¥¢¤òŸ³«¤¹¤ë¤¿¤á¤Ë¡¢Fortinet¥¢¥×¥é¥¤¥¢¥ó¥¹¤Î¤µ¤Þ¤¶¤Þ¤ÊÀȼåÀ¤ò½é´ü¥¢¥¯¥»¥¹¤Ë°ÍѤ·¤Æ¤¤¤ë¤È»ØŦ¤µ¤ì¤Æ¤¤¤ë¡£
¤Þ¤¿¡¢ÊƹñÅÚ°ÂÁ´Êݾã¾Ê¥µ¥¤¥Ð¡¼¥»¥¥å¥ê¥Æ¥£¡¦¥¤¥ó¥Õ¥é¥¹¥È¥é¥¯¥Á¥ã¡¼¥»¥¥å¥ê¥Æ¥£Ä£(CISA: Cybersecurity and Infrastructure Security Agency)¤â2·î9Æü(Êƹñ»þ´Ö)¡¢¡ÖCISA Adds One Known Exploited Vulnerability to Catalog | CISA¡×¤Ë¤ª¤¤¤Æ¡¢¤³¤ÎÀȼåÀ(CVE-2024-21762)¤¬³èȯ¤Ê°ÍѤ˻ÈÍѤµ¤ì¤¿¤È¤·¤Æ´ûÃΤÎÀȼåÀ¥«¥¿¥í¥°¤ËÄɲᣴë¶È¤Ë½ÅÂç¤Ê¥ê¥¹¥¯¤ò¤â¤¿¤é¤¹¤È·Ù¹ð¤·¡¢Â®¤ä¤«¤ÊÂкö¤òµá¤á¤Æ¤¤¤ë¡£