A critical server-side request forgery (SSRF) vulnerability, tracked as CVE-2024-21893, has recently been exploited at an alarming rate in Ivanti Connect Secure and Policy Secure products. The flaw has raised serious concern in the cybersecurity community because of mass exploitation attempts and the potential for unauthorized access, including the establishment of reverse shells.
Details of the CVE-2024-21893 Exploitation
The exploit specifically targets CVE-2024-21893, an SSRF flaw in the Security Assertion Markup Language (SAML) component of Ivanti's products. The vulnerability allows attackers to reach restricted resources without authentication. The Shadowserver Foundation has reported a surge in exploitation attempts originating from more than 170 distinct IP addresses, underscoring the severity of the situation.
Notably, cybersecurity firm Rapid7 has released a proof-of-concept (PoC) that chains CVE-2024-21893 with CVE-2024-21887, a previously patched command injection flaw. The combination enables unauthenticated remote code execution, raising the risk associated with the vulnerability.
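The SSRF described above lets an attacker make the appliance fetch resources on its behalf. The defensive control for that class of bug is to validate every outbound URL a service is asked to contact before the request is made. The Python below is an added illustration of that control and is not Ivanti code or anything taken from the advisories; the allow-listed host idp.example.org and the fake resolver are constructed for the example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed allow-list: the identity-provider hosts this service may contact.
# Hypothetical names, not taken from the page.
ALLOWED_HOSTS = {"idp.example.org"}
ALLOWED_SCHEMES = {"https"}


def is_internal_address(ip: str) -> bool:
    """True for loopback, RFC 1918/special-purpose, link-local, multicast,
    reserved or unspecified addresses, i.e. anything an SSRF would abuse to
    reach the appliance itself or its internal network."""
    addr = ipaddress.ip_address(ip)
    return (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def resolve_all(host: str, resolver=None) -> list[str]:
    """Return every A/AAAA record for host. `resolver` is injectable so the
    check can be unit-tested offline without touching DNS."""
    if resolver is not None:
        return resolver(host)
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def check_outbound_url(url: str, resolver=None) -> tuple[bool, str]:
    """Decide whether a server-side fetch of `url` is permitted.
    Returns (allowed, reason)."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme '{parts.scheme}' not allowed"
    if parts.username or parts.password:
        # user:pass@host tricks are a classic way to confuse URL parsers
        return False, "credentials in URL not allowed"
    host = parts.hostname  # already lower-cased by urlsplit
    if not host:
        return False, "missing host"
    if host not in ALLOWED_HOSTS:
        # Bare IP literals such as 127.0.0.1 fail here as well
        return False, f"host '{host}' not on allow-list"
    try:
        ips = resolve_all(host, resolver)
    except socket.gaierror as exc:
        return False, f"resolution failed: {exc}"
    if not ips:
        return False, "no addresses resolved"
    # Even an allow-listed name must not resolve to an internal address
    # (guards against a compromised or rebinding DNS answer).
    for ip in ips:
        if is_internal_address(ip):
            return False, f"host resolves to internal address {ip}"
    return True, "ok"


if __name__ == "__main__":
    fake = lambda h: {"idp.example.org": ["93.184.216.34"]}.get(h, [])
    for u in ("https://idp.example.org/saml/metadata",
              "http://idp.example.org/saml/metadata",
              "https://127.0.0.1/admin",
              "https://idp.example.org@169.254.169.254/"):
        print(u, "->", check_outbound_url(u, resolver=fake))
```

In production the resolved address should also be pinned for the actual connection (resolve once, connect to that IP with the Host header set), otherwise a second DNS lookup inside the HTTP client reopens the rebinding window this check closes.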
Exploitation Landscape and Risks
The situation is worsened by the use of outdated open-source components in Ivanti VPN appliances, as highlighted by security researcher Will Dormann. The exploited SSRF vulnerability (CVE-2024-21893) is tied to the open-source Shibboleth XMLTooling library, in which the issue was fixed in June 2023.
Threat actors have moved quickly to capitalize on the situation, with reports from Google-owned Mandiant indicating exploitation of CVE-2023-46805 and CVE-2024-21887. That exploitation has been used to deploy several web shells, including BUSHWALK, CHAINLINE, FRAMESTING, and LIGHTWIRE.
Global Exposure and Response
Findings from Palo Alto Networks Unit 42 indicate broad global exposure, with 28,474 instances of Ivanti Connect Secure and Policy Secure observed across 145 countries between January 26 and 30, 2024.
In response to the escalating threats, Ivanti has taken steps to address the vulnerabilities. The company released a second mitigation file and began rolling out official patches on February 1, 2024. Organizations are urged to apply these patches promptly and to implement robust security measures to reduce the risk posed by such vulnerabilities and the public PoC exploit.
Best Practices for Prevention
To prevent future compromise and keep systems secure, organizations should adopt the following practices:
- Apply patches promptly: Update regularly and apply the security patches provided by software vendors to fix known vulnerabilities.
- Monitor continuously: Maintain ongoing monitoring for suspicious activity and potential security threats on the network.
- Security awareness training: Conduct regular security awareness training so that staff recognize and report potential threats.
- Network segmentation: Segment the network to limit the impact of a possible breach and to isolate critical systems.
- Use advanced threat intelligence: Draw on threat intelligence to stay informed about emerging threats and vulnerabilities.
By following these best practices, organizations can strengthen their cybersecurity posture and reduce the risk of falling victim to exploits targeting critical vulnerabilities such as CVE-2024-21893 in Ivanti products. Vigilance, proactive security measures, and timely response are essential in today's threat landscape.