{"id":7696,"date":"2021-04-06T11:28:03","date_gmt":"2021-04-06T03:28:03","guid":{"rendered":"https:\/\/ailog.tw\/lifelog\/?p=7696"},"modified":"2021-05-29T18:33:38","modified_gmt":"2021-05-29T10:33:38","slug":"fortinet-2021-fix","status":"publish","type":"post","link":"https:\/\/ailog.tw\/lifelog\/2021\/04\/06\/fortinet-2021-fix\/","title":{"rendered":"FBI\u53caCISA\u8b66\u544aFortinet\u7684\u6f0f\u6d1e\u4e0d\u4fee\u88dc\uff0c\u53ef\u80fd\u6703\u906d\u53d7\u570b\u5bb6\u99ed\u5ba2\u653b\u64ca\u8207\u5229\u7528"},"content":{"rendered":"<p><span style=\"font-size: 14pt;\">\u7f8e\u570b\u806f\u90a6\u8abf\u67e5\u5c40(FBI)\u53ca\u7db2\u8def\u5b89\u5168\u66a8\u57fa\u790e\u67b6\u69cb\u5b89\u5168\u7ba1\u7406\u7f72(CISA)\uff0c\u65bc2021\u5e744\u67082\u65e5\u767c\u5e03\u7684\u806f\u5408\u5efa\u8b70\u63d0\u4f9b\u7684\u8b49\u64da\u8868\u793a\uff0c\u76ee\u524d\u4ecd\u6709\u5927\u91cf\u7684\u9632\u706b\u7246\u8a2d\u5099\u672a\u9032\u884c\u8edf\u9ad4\u4fee\u88dc\u66f4\u65b0\u4e14\u53ef\u80fd\u906d\u53d7\u99ed\u5ba2\u653b\u64ca\u8207\u5229\u7528\uff0c\u8d95\u5feb\u6aa2\u67e5\u624b\u908a\u7684Fortigate\u9632\u706b\u7246\u662f\u5426\u6709\u9019\u5e7e\u500b\u98a8\u96aa\u5427!<!--more--><\/span><\/p>\n<p><span style=\"font-size: 14pt;\">\u7f8e\u570b\u806f\u90a6\u8abf\u67e5\u5c40(FBI)\u53ca\u7db2\u8def\u5b89\u5168\u66a8\u57fa\u790e\u67b6\u69cb\u5b89\u5168\u7ba1\u7406\u7f72(CISA)\u5efa\u8b70\u5831\u544a\uff1a<\/span><br \/>\n<span style=\"font-size: 14pt;\"><a href=\"https:\/\/www.ic3.gov\/Media\/News\/2021\/210402.pdf\">https:\/\/www.ic3.gov\/Media\/News\/2021\/210402.pdf<\/a><\/span><\/p>\n<p><span style=\"font-size: 14pt;\">\u8a72\u5831\u544a\u6700\u4e3b\u8981\u662f\u91dd\u5c0d\u4ee5\u4e0b\u4e09\u500bFortinet\u6f0f\u6d1e\u3002<\/span><br \/>\n<span style=\"font-size: 14pt;\">FG-IR-19-037\/CVE-2019-5591<\/span><br \/>\n<span style=\"font-size: 14pt;\">FG-IR-18-384\/CVE-2018-13379<\/span><br \/>\n<span style=\"font-size: 14pt;\">FG-IR-19-283\/CVE-2020-12812<\/span><\/p>\n<p><span 
style=\"font-size: 14pt;\">Fortinet\u5b98\u65b9\u8aaa\u660e\uff1a<\/span><br \/>\n<span style=\"font-size: 14pt;\"><a href=\"https:\/\/www.fortinet.com\/blog\/psirt-blogs\/patch-vulnerability-management\">https:\/\/www.fortinet.com\/blog\/psirt-blogs\/patch-vulnerability-management<\/a><\/span><\/p>\n<p><span style=\"font-size: 14pt;\">\u76f8\u95dc\u7684\u5efa\u8b70\u63aa\u65bd\uff1a<br \/>\n<strong>[FG-IR-19-037\/CVE-2019-5591]<\/strong><\/span><br \/>\n<span style=\"font-size: 14pt;\"><a href=\"https:\/\/www.fortiguard.com\/psirt\/FG-IR-19-037\">https:\/\/www.fortiguard.com\/psirt\/FG-IR-19-037<\/a><\/span><br \/>\n<span style=\"font-size: 14pt;\">\u554f\u984c\uff1aFortiOS\u4e2d\u7684\u9ed8\u8a8d\u914d\u7f6e\u6f0f\u6d1e\u53ef\u80fd\u5141\u8a31\u540c\u4e00\u5b50\u7db2\u4e2d\u672a\u7d93\u8eab\u4efd\u9a57\u8b49\u7684\u653b\u64ca\u8005\u901a\u904e\u6a21\u64ecLDAP\u670d\u52d9\u5668\u4f86\u6514\u622a\u654f\u611f\u4fe1\u606f\u3002<\/span><br \/>\n<span style=\"font-size: 14pt;\">\u767c\u4f48\u65e5\u671f\uff1a2019\u5e747\u670826\u65e5\u3002<\/span><br \/>\n<span style=\"font-size: 14pt;\">\u53d7\u5f71\u97ff\u7684\u7522\u54c1\uff1aFortiOS 6.2.0\u53ca\u66f4\u4f4e\u7248\u672c\u3002<\/span><br \/>\n<span style=\"font-size: 14pt;\">\u89e3\u6c7a\u65b9\u6848\uff1a\u5347\u7d1a\u52306.2.1\u7248\u672c\u4e14\u5fc5\u9808\u555f\u7528\u670d\u52d9\u5668\u8eab\u4efd\u6aa2\u67e5\u3002<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">\u555f\u7528\u670d\u52d9\u5668\u8eab\u4efd\u6aa2\u67e5\u6307\u4ee4\u5982\u4e0b\uff1a<\/span><br \/>\n<span style=\"font-size: 14pt;\">config user ldap<\/span><br \/>\n<span style=\"font-size: 14pt;\">edit ldap-server<\/span><br \/>\n<span style=\"font-size: 14pt;\">set ca-cert<\/span><br \/>\n<span style=\"font-size: 14pt;\">set secure ldaps<\/span><br \/>\n<span style=\"font-size: 14pt;\">set server-identity-check enable<\/span><\/p>\n<p><span style=\"font-size: 14pt;\"><strong>[FG-IR-18-384\/CVE-2018-13379]<\/strong><\/span><br \/>\n<span 
style=\"font-size: 14pt;\"><a href=\"https:\/\/www.fortiguard.com\/psirt\/FG-IR-18-384\">https:\/\/www.fortiguard.com\/psirt\/FG-IR-18-384<\/a><\/span><br \/>\n<span style=\"font-size: 14pt;\">\u554f\u984c\uff1aFortiOS SSL VPN Web\u4e2d\u7684\u8def\u5f91\u904d\u6b77\u6f0f\u6d1e\uff0c\u53ef\u80fd\u5141\u8a31\u672a\u7d93\u8eab\u4efd\u9a57\u8b49\u7684\u653b\u64ca\u8005\u901a\u904e\u7279\u88fdHTTP\u8cc7\u6e90\u8acb\u6c42\u4e0b\u8f09FortiOS\u7cfb\u7d71\u6a94\u6848\u3002<\/span><br \/>\n<span style=\"font-size: 14pt;\">\u767c\u4f48\u65e5\u671f\uff1a2019\u5e745\u670824\u65e5\u3002<\/span><br \/>\n<span style=\"font-size: 14pt;\">\u53d7\u5f71\u97ff\u7684\u7522\u54c1\uff1a<\/span><br \/>\n<span style=\"font-size: 14pt;\">FortiOS 6.0\uff1a6.0.0\u81f36.0.4<\/span><br \/>\n<span style=\"font-size: 14pt;\">FortiOS 5.6\uff1a5.6.3\u81f35.6.7<\/span><br \/>\n<span style=\"font-size: 14pt;\">FortiOS 5.4\uff1a5.4.6\u81f35.4.12<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">\u89e3\u6c7a\u65b9\u6848\uff1a\u5347\u7d1a\u5230FortiOS 5.4.13\u30015.6.8\u30016.0.5\u62166.2.0\u53ca\u66f4\u9ad8\u7248\u672c\u3002<\/span><br \/>\n<span style=\"font-size: 14pt;\">\u5982\u679c\u78ba\u5b9a\u6c92\u4f7f\u7528\u5230SSL VPN\u53ef\u4ee5\u900f\u904e\u4e0b\u65b9\u6307\u4ee4\uff0c\u5c07SSL VPN\u5b8c\u5168\u505c\u7528\u3002<\/span><br \/>\n<span style=\"font-size: 14pt;\">config vpn ssl settings<\/span><br \/>\n<span style=\"font-size: 14pt;\">unset source-interface<\/span><br \/>\n<span style=\"font-size: 14pt;\">end<\/span><\/p>\n<p><span style=\"font-size: 14pt;\"><strong>[FG-IR-19-283\/CVE-2020-12812]<\/strong><\/span><br \/>\n<span style=\"font-size: 14pt;\"><a href=\"https:\/\/www.fortiguard.com\/psirt\/FG-IR-19-283\">https:\/\/www.fortiguard.com\/psirt\/FG-IR-19-283<\/a><\/span><br \/>\n<span style=\"font-size: 14pt;\">\u554f\u984c\uff1a\u5982\u679cFortiOS\u4e2dSSL 
VPN\u5b58\u5728\u4e0d\u7576\u8eab\u4efd\u9a57\u8b49\u6f0f\u6d1e\uff0c\u5247\u7528\u6236\u66f4\u6539\u7528\u6236\u540d\u7684\u5927\u5c0f\u5beb\u5f8c\uff0c\u53ef\u80fd\u6210\u529f\u767b\u9304\u800c\u4e0d\u6703\u88ab\u63d0\u793a\u8f38\u5165\u7b2c\u4e8c\u500b\u8eab\u4efd\u9a57\u8b49\u56e0\u7d20(FortiToken)\u3002<\/span><br \/>\n<span style=\"font-size: 14pt;\">\u767c\u4f48\u65e5\u671f\uff1a2020\u5e747\u670813\u65e5\u3002<\/span><br \/>\n<span style=\"font-size: 14pt;\">\u53d7\u5f71\u97ff\u7684\u7522\u54c1\uff1aFortiOS 6.4.0\u30016.2.0\u81f36.2.3\u30016.0.9\u53ca\u4ee5\u4e0b\u3002<\/span><br \/>\n<span style=\"font-size: 14pt;\">\u89e3\u6c7a\u65b9\u6848\uff1a<\/span><br \/>\n<span style=\"font-size: 14pt;\">\u5347\u7d1a\u5230\u4ee5\u4e0bFortiOS\u7248\u672c\uff1a6.4.1\u6216\u66f4\u9ad8\u7248\u672c\u30016.2.4\u6216\u66f4\u9ad8\u7248\u672c\u30016.0.10\u6216\u66f4\u9ad8\u7248\u672c<\/span><\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u7f8e\u570b\u806f\u90a6\u8abf\u67e5\u5c40(FBI)\u53ca\u7db2\u8def\u5b89\u5168\u66a8\u57fa\u790e\u67b6\u69cb\u5b89\u5168\u7ba1\u7406\u7f72(CISA)\uff0c\u65bc2021\u5e744\u67082\u65e5\u767c\u5e03\u7684\u806f\u5408\u5efa\u8b70\u63d0\u4f9b\u7684\u8b49 &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/ailog.tw\/lifelog\/2021\/04\/06\/fortinet-2021-fix\/\" class=\"more-link\">\u95b1\u8b80\u5168\u6587<span 
class=\"screen-reader-text\">\u3008FBI\u53caCISA\u8b66\u544aFortinet\u7684\u6f0f\u6d1e\u4e0d\u4fee\u88dc\uff0c\u53ef\u80fd\u6703\u906d\u53d7\u570b\u5bb6\u99ed\u5ba2\u653b\u64ca\u8207\u5229\u7528\u3009<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":7699,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,381,385],"tags":[3504,272,3500,3502,3503,3505,274,3499,3501,33],"class_list":["post-7696","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-itinfo","category-firewall","category-security","tag-cisa","tag-cve-2018-13379","tag-cve-2019-5591","tag-cve-2020-12812","tag-fbi","tag-fbicisafortinet","tag-fg-ir-18-384","tag-fg-ir-19-037","tag-fg-ir-19-283","tag-fortinet"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/ailog.tw\/lifelog\/wp-json\/wp\/v2\/posts\/7696","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ailog.tw\/lifelog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ailog.tw\/lifelog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ailog.tw\/lifelog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ailog.tw\/lifelog\/wp-json\/wp\/v2\/comments?post=7696"}],"version-history":[{"count":4,"href":"https:\/\/ailog.tw\/lifelog\/wp-json\/wp\/v2\/posts\/7696\/revisions"}],"predecessor-version":[{"id":8563,"href":"https:\/\/ailog.tw\/lifelog\/wp-json\/wp\/v2\/posts\/7696\/revisions\/8563"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ailog.tw\/lifelog\/wp-json\/wp\/v2\/media\/7699"}],"wp:attachment":[{"href":"https:\/\/ailog.tw\/lifelog\/wp-json\/wp\/v2\/media?parent=7696"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ailog.tw\/lifelog\/wp-json\/wp\/v2\/categories?post=7696"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ailog.tw\/lifelog\/wp-json\/wp\/v2\/tags?post=7696"}],"curies"
:[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}