Security Advisory ID: NSKPSA-2023-001
Severity: High
First communicated: May 10, 2023
Overall CVSS Score: 7.0
Version: 1.0

Description
The Netskope Client service, running with NT\SYSTEM privileges, accepts network connections from localhost to start various services and execute commands. The connection handling function of this service uses a relative path to download and unzip configuration files on the machine. This relative path provided a way for local users to write arbitrary files to a location accessible only to users with higher privileges. This can be exploited by a local user to execute code with NT\SYSTEM privileges on the end machine.
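
The description above comes down to a privileged service choosing a write destination from a relative path. The following is an added illustration, not Netskope's code: it assumes a zip-format configuration archive and uses hypothetical helper names (`resolve_inside`, `extract_config`, `make_archive`) to show the defensive pattern of anchoring every write to an absolute, service-owned directory and validating all archive members before writing any of them.

```python
import io
import zipfile
from pathlib import Path


class UnsafePathError(Exception):
    """A destination would fall outside the trusted directory."""


def resolve_inside(base: Path, untrusted: str) -> Path:
    """Resolve `untrusted` under `base`; refuse anything that escapes it."""
    if not base.is_absolute():
        # A relative base resolves against the process working directory,
        # which a privileged service must not treat as trusted.
        raise UnsafePathError(f"base must be absolute: {base}")
    base = base.resolve()
    target = (base / untrusted).resolve()  # collapses ".." and follows links
    if base not in target.parents:
        raise UnsafePathError(f"{untrusted!r} escapes {base}")
    return target


def extract_config(archive: bytes, base: Path) -> list[Path]:
    """Unpack a config archive, checking every member before any write."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        # Validate the whole archive first so a bad entry aborts cleanly.
        plan = [(info, resolve_inside(base, info.filename))
                for info in zf.infolist() if not info.is_dir()]
        written = []
        for info, target in plan:
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(info))
            written.append(target)
    return written


def make_archive(members: dict[str, bytes]) -> bytes:
    """Build a constructed sample archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()
```

The check only helps if `base` itself is writable solely by the service account; a path check cannot compensate for weak ACLs on the directory.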

Affected Product(s) and Version(s)
Netskope Client for Windows v99 & Prior

CVE-ID(s)
CVE-2023-2270

Remediation
Netskope has patched the vulnerability and released a fixed binary. Customers are advised to upgrade to Netskope Client v100 or later. Netskope download instructions: Download Netskope Client and Scripts - Netskope Support

Workaround
Netskope provides a documented guide on hardening Netskope Client, with additional security features that strengthen the product's security. The guidelines are available here: https://docs.netskope.com/en/netskope-client-hardening.html

General Security Best Practices
The recommended security best practices for Netskope products are as follows.

Special Notes and Acknowledgement
Netskope credits Jean-Jamil Khalife of HDWSec for reporting this flaw.

Exploitation and Public Disclosures
Netskope is not aware of any public disclosure or exploitation of this vulnerability at the time of publication.

Revision History
Version | Date | Section | Notes |
---|---|---|---|
1.0 | May 10, 2023 | Initial release |

Disclaimer
To the maximum extent permitted by applicable law, the information provided in this notice is provided "as is" without warranty of any kind. Your use of the information in this notice, or of materials linked from it, is at your own risk. This notice and all aspects of the Netskope Product Security Incident Response Policy are subject to change without notice. A response is not guaranteed for any specific issue or class of issues. Your rights regarding warranties, support, and maintenance, including for vulnerabilities in any Netskope software or service, are governed solely by the applicable master agreement between Netskope and you. The statements in this notice do not modify, enlarge, or otherwise amend any of your rights under the applicable master agreement, nor do they create any additional warranties or commitments.