A critical server-side request forgery (SSRF) vulnerability, tracked as CVE-2024-21893, has recently been exploited at scale in Ivanti Connect Secure and Policy Secure products. The vulnerability has raised significant concern in the cybersecurity community because of the mass exploitation attempts and the possibility of unauthorized access, including the deployment of backdoors.
Details of the CVE-2024-21893 exploitation
The exploitation targets CVE-2024-21893, an SSRF flaw in the Security Assertion Markup Language (SAML) component of Ivanti products. The vulnerability lets attackers reach restricted resources without authentication. The Shadowserver Foundation reported a surge in exploitation attempts originating from more than 170 distinct IP addresses, underscoring the severity of the situation.
Notably, the cybersecurity firm Rapid7 released a proof-of-concept (PoC) that chains CVE-2024-21893 with CVE-2024-21887, a previously patched command injection flaw. This combination enables unauthenticated remote code execution, amplifying the risks associated with the vulnerability.
Underlying exploitation and threats
The situation is further aggravated by the use of open-source components within Ivanti's VPN appliances, as security researcher Will Dormann pointed out. The exploited SSRF vulnerability (CVE-2024-21893) has been linked to the open-source Shibboleth XMLTooling library, which was patched in June 2023.
Threat actors are moving quickly to take advantage of the situation, with a report from Google-owned Mandiant revealing the exploitation of CVE-2023-46805 and CVE-2024-21887. These exploits have been used to deploy a variety of web shells, including BUSHWALK, CHAINLINE, FRAMESTING, and LIGHTWIRE.
Exposure and global response
Findings from Palo Alto Networks Unit 42 reveal global exposure, with 28,474 instances of Ivanti Connect Secure and Policy Secure detected across 145 countries between January 26 and 30, 2024. Additionally, 610 compromised instances were identified across 44 countries as of January 23, 2024.
In response to the escalating threat, Ivanti has taken action to address the vulnerabilities. The company released a second mitigation file and began distributing patches to customers as of February 1, 2024. Organizations are urged to apply these updates promptly and implement robust security measures to mitigate the risks posed by the vulnerabilities and the PoC exploit.
Best practices for mitigation
To prevent future incidents and protect their systems, organizations should adopt the following best practices:
- Apply patches promptly: Regularly update and apply the security patches that software vendors provide to address known vulnerabilities.
- Continuous monitoring: Implement continuous monitoring for suspicious activity and potential security threats within the network.
- Security awareness training: Conduct regular security awareness training for employees so they can recognize and report potential threats.
- Network segmentation: Employ network segmentation to limit the impact of potential breaches and isolate critical systems.
- Use advanced threat intelligence: Leverage advanced threat intelligence to stay informed about emerging threats and vulnerabilities.
By adhering to these best practices, organizations can strengthen their cybersecurity posture and reduce the risk of falling victim to critical vulnerabilities such as CVE-2024-21893 in Ivanti products. Vigilance, effective security measures, and timely response are essential in today's evolving threat landscape.