{"id":11621,"date":"2022-06-06T17:01:44","date_gmt":"2022-06-06T08:01:44","guid":{"rendered":"https:\/\/www.secuavail.com\/kb\/?p=11621"},"modified":"2024-08-23T11:39:33","modified_gmt":"2024-08-23T02:39:33","slug":"openssl-cve-2022-0778-utm-ips-waf","status":"publish","type":"post","link":"https:\/\/www.secuavail.com\/kb\/nw-device\/openssl-cve-2022-0778-utm-ips-waf\/","title":{"rendered":"OpenSSL\u306e\u8106\u5f31\u6027(CVE-2022-0778)\u306b\u5bfe\u3059\u308b\u5404UTM\/IPS\/WAF\u306e\u5bfe\u5fdc\u72b6\u6cc1\u306b\u3064\u3044\u3066"},"content":{"rendered":"<p>\u30bb\u30ad\u30e5\u30a2\u30f4\u30a7\u30a4\u30eb\u306e\u65b0\u5165\u793e\u54e1\u3068\u306a\u308a\u307e\u3057\u305f\u65b0\u793e\u4f1a\u4eba 0x90 \u304cOpenSSL \u306e\u8106\u5f31\u6027\u3067\u3042\u308bCVE-2022-0778\u306e\u5404UTM\/IPS\/WAF\u306e\u5bfe\u5fdc\u72b6\u6cc1\u3092\u6295\u7a3f\u3057\u307e\u3059\u3002<\/p>\n<p>\u203b\u672c\u8a18\u4e8b\u306e\u5185\u5bb9\u306f\u30012022\u5e746\u67082\u65e5\u73fe\u5728\u306e\u516c\u958b\u60c5\u5831\u3092\u3082\u3068\u306b\u8a18\u8f09\u3057\u3066\u304a\u308a\u307e\u3059\u3002\u304a\u4f7f\u3044\u306e\u88fd\u54c1\u3067IPS\u6a5f\u80fd\u7b49\u304c\u5229\u7528\u3067\u304d\u308b\u30e9\u30a4\u30bb\u30f3\u30b9\u3067\u3042\u308b\u304b\u3001\u30b7\u30b0\u30cd\u30c1\u30e3\u7b49\u306e\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u65b9\u6cd5\u3084\u5177\u4f53\u7684\u306a\u691c\u77e5\u30fb\u9632\u5fa1\u306e\u8a2d\u5b9a\u65b9\u6cd5\u306b\u3064\u3044\u3066\u306f\u8cfc\u5165\u5143\u306e\u4ee3\u7406\u5e97\u69d8\u3084\u904b\u7528\u30fb\u4fdd\u5b88\u30d9\u30f3\u30c0\u30fc\u69d8\u3078\u304a\u554f\u3044\u5408\u308f\u305b\u304f\u3060\u3055\u3044\u3002<\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_82_2 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\"><p class=\"ez-toc-title\" style=\"cursor:inherit\">\u76ee\u6b21<\/p>\n<\/div><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.secuavail.com\/kb\/nw-device\/openssl-cve-2022-0778-utm-ips-waf\/#CVE-2022-0778%E3%81%AE%E6%A6%82%E8%A6%81\" >CVE-2022-0778\u306e\u6982\u8981<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.secuavail.com\/kb\/nw-device\/openssl-cve-2022-0778-utm-ips-waf\/#CVE-2022-0778%E3%81%AE%E5%BD%B1%E9%9F%BF%E7%AF%84%E5%9B%B2\" >CVE-2022-0778\u306e\u5f71\u97ff\u7bc4\u56f2<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.secuavail.com\/kb\/nw-device\/openssl-cve-2022-0778-utm-ips-waf\/#CVE-2022-0778%E3%81%AE%E5%9F%BA%E6%9C%AC%E7%9A%84%E3%81%AA%E5%AF%BE%E7%AD%96\" >CVE-2022-0778\u306e\u57fa\u672c\u7684\u306a\u5bfe\u7b56<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.secuavail.com\/kb\/nw-device\/openssl-cve-2022-0778-utm-ips-waf\/#%E5%90%84UTMIPSWAF%E3%83%95%E3%82%A1%E3%82%A4%E3%82%A2%E3%82%A6%E3%82%A9%E3%83%BC%E3%83%AB%E3%81%AE%E5%AF%BE%E5%BF%9C%E7%8A%B6%E6%B3%81%E3%81%AB%E3%81%A4%E3%81%84%E3%81%A6\" >\u5404UTM\/IPS\/WAF\/\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u306e\u5bfe\u5fdc\u72b6\u6cc1\u306b\u3064\u3044\u3066<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.secuavail.com\/kb\/nw-device\/openssl-cve-2022-0778-utm-ips-waf\/#Palo_Alto_Networks\" >Palo Alto Networks<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.secuavail.com\/kb\/nw-device\/openssl-cve-2022-0778-utm-ips-waf\/#Fortinet\" >Fortinet<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/www.secuavail.com\/kb\/nw-device\/openssl-cve-2022-0778-utm-ips-waf\/#F5_Networks\" >F5 Networks<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/www.secuavail.com\/kb\/nw-device\/openssl-cve-2022-0778-utm-ips-waf\/#SonicWall\" >SonicWall<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/www.secuavail.com\/kb\/nw-device\/openssl-cve-2022-0778-utm-ips-waf\/#A10_Networks\" >A10 Networks<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/www.secuavail.com\/kb\/nw-device\/openssl-cve-2022-0778-utm-ips-waf\/#%E3%81%BE%E3%81%A8%E3%82%81\" >\u307e\u3068\u3081<\/a><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"CVE-2022-0778%E3%81%AE%E6%A6%82%E8%A6%81\"><\/span>CVE-2022-0778\u306e\u6982\u8981<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>CVE-2022-0778\u306fOpenSSL\u304c\u4e0d\u6b63\u306a\u8a3c\u660e\u66f8\u3092\u51e6\u7406\u3059\u308b\u3053\u3068\u3067\u7121\u9650\u30eb\u30fc\u30d7\u3092\u5f15\u304d\u8d77\u3053\u3059\u8106\u5f31\u6027\u3067\u3059\u3002<\/p>\n<p>\u3053\u306e\u8106\u5f31\u6027\u306e\u88ab\u5bb3\u3068\u3057\u3066\u30b5\u30fc\u30d3\u30b9\u63d0\u4f9b\u4e0d\u80fd\u72b6\u614b\u306b\u9665\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u3001CVSS\u306f7.5\u3068\u9ad8\u3044\u5024\u3067\u3059\u3002<\/p>\n<p>CVE-2022-0778\u306f\u6b21\u306e\u72b6\u6cc1\u3067\u8d77\u3053\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<ul>\n<li>TLS \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u304c\u30b5\u30fc\u30d0\u8a3c\u660e\u66f8\u3092\u51e6\u7406\u3059\u308b<\/li>\n<li>TLS \u30b5\u30fc\u30d0\u304c\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u3092\u51e6\u7406\u3059\u308b<\/li>\n<li>\u30db\u30b9\u30c6\u30a3\u30f3\u30b0\u30b5\u30fc\u30d3\u30b9\u4e8b\u696d\u8005\u304c\u9867\u5ba2\u304b\u3089\u53d7\u3051\u53d6\u3063\u305f\u8a3c\u660e\u66f8\u3084\u79d8\u5bc6\u9375\u3092\u51e6\u7406\u3059\u308b<\/li>\n<li>\u8a8d\u8a3c\u5c40\u304c\u5951\u7d04\u8005\u304b\u3089\u53d7\u3051\u53d6\u3063\u305f CSR (\u8a3c\u660e\u66f8\u7f72\u540d\u8981\u6c42) \u30c7\u30fc\u30bf\u3092\u51e6\u7406\u3059\u308b<\/li>\n<li>\u305d\u306e\u4ed6\u30011 \u5f62\u5f0f\u306e\u6955\u5186\u66f2\u7dda\u30d1\u30e9\u30e1\u30fc\u30bf\u3092\u51e6\u7406\u3059\u308b\u5834\u5408<\/li>\n<\/ul>\n<p>NVD\u304b\u3089\u306e\u767a\u8868<\/p>\n<p><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-0778\" target=\"_blank\" rel=\"noopener\">NVD - CVE-2022-0778<\/a><\/p>\n<p>JPCERT\/CC\u306e\u8106\u5f31\u6027\u60c5\u5831<\/p>\n<p><a href=\"https:\/\/jvndb.jvn.jp\/ja\/contents\/2022\/JVNDB-2022-001476.html\" target=\"_blank\" rel=\"noopener\">OpenSSL \u306e BN_mod_sqrt() \u306b\u304a\u3051\u308b\u6cd5\u304c\u975e\u7d20\u6570\u306e\u3068\u304d\u306b\u7121\u9650\u30eb\u30fc\u30d7\u3092\u5f15\u304d\u8d77\u3053\u3059\u554f\u984c<\/a><\/p>\n<h2><span class=\"ez-toc-section\" id=\"CVE-2022-0778%E3%81%AE%E5%BD%B1%E9%9F%BF%E7%AF%84%E5%9B%B2\"><\/span>CVE-2022-0778\u306e\u5f71\u97ff\u7bc4\u56f2<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>CVE-2022-0778\u306e\u5f71\u97ff\u7bc4\u56f2\u306f\u3001\u4e0b\u8a18\u306eOpenSSL\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u3067\u3059\u3002<\/p>\n<ul>\n<li>0.2-1.0.2zc<\/li>\n<li>1.1-1.1.1m<\/li>\n<li>0.0, 3.0.1<\/li>\n<\/ul>\n<p>\u203b\u4e0a\u8a18\u4ee5\u5916\u306e\u30b5\u30dd\u30fc\u30c8\u5916\u306eOpenSSL\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u3067\u3082\u5f71\u97ff\u3092\u53d7\u3051\u308b\u5834\u5408\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<h2><span class=\"ez-toc-section\" id=\"CVE-2022-0778%E3%81%AE%E5%9F%BA%E6%9C%AC%E7%9A%84%E3%81%AA%E5%AF%BE%E7%AD%96\"><\/span>CVE-2022-0778\u306e\u57fa\u672c\u7684\u306a\u5bfe\u7b56<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>CVE-2022-0778\u306e\u57fa\u672c\u7684\u306a\u5bfe\u7b56\u3068\u3057\u3066OpenSSL\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u30a2\u30c3\u30d7\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<p><strong>OpenSSL 1.0.2\u00a0\u00a0\u00a0\u00a0 \u2192\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 OpenSSL1.0.2zd<\/strong><\/p>\n<p><strong>OpenSSL 1.1.1\u00a0\u00a0\u00a0\u00a0 \u2192\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 OpenSSL1.1.1n<\/strong><\/p>\n<p><strong>OpenSSL 3.0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \u2192\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 OpenSSL3.0.2<\/strong><\/p>\n<p>\u203b\u4e0a\u8a18\u4ee5\u5916\u306e\u30b5\u30dd\u30fc\u30c8\u5916\u306eOpenSSL\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u3067\u3082\u5f71\u97ff\u3092\u53d7\u3051\u308b\u5834\u5408\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<h2><span class=\"ez-toc-section\" id=\"%E5%90%84UTMIPSWAF%E3%83%95%E3%82%A1%E3%82%A4%E3%82%A2%E3%82%A6%E3%82%A9%E3%83%BC%E3%83%AB%E3%81%AE%E5%AF%BE%E5%BF%9C%E7%8A%B6%E6%B3%81%E3%81%AB%E3%81%A4%E3%81%84%E3%81%A6\"><\/span>\u5404UTM\/IPS\/WAF\/\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u306e\u5bfe\u5fdc\u72b6\u6cc1\u306b\u3064\u3044\u3066<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Palo Alto Networks, Fortinet, F5 Networks, SonicWall, A10 Networks\u306e\u5bfe\u5fdc\u72b6\u6cc1\u306b\u3064\u3044\u3066\u7d39\u4ecb\u3057\u307e\u3059\u3002<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Palo_Alto_Networks\"><\/span>Palo Alto Networks<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Palo Alto Networks\u88fd\u54c1\u306eCVE-2022-0778\u5bfe\u7b56\u3068\u3057\u3066\u88fd\u54c1\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u30a2\u30c3\u30d7\u304c\u63a8\u5968\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>PAN-OS<\/p>\n<p>8.1.23, 9.0.16-h2, 9.1.13-h3, 10.0.10, 10.1.5-h1, 10.2.1\u3067\u4fee\u6b63\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>GlobalProtect \u30a2\u30d7\u30ea<\/p>\n<p>5.1.11, 5.2.12, 5.3.4, 6.0.1\u3067\u4fee\u6b63\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>\u5bfe\u5fdc\u3059\u308b\u30b7\u30b0\u30cd\u30c1\u30e3(\u4eca\u5f8c\u8ffd\u52a0\u3055\u308c\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002)<\/p>\n<ul>\n<li>OpenSSL Elliptic Curve Public Key Handling Denial-of-Service Vulnerability(ID:92409, 92411,92522)<\/li>\n<\/ul>\n<p>\u5bfe\u5fdc\u72b6\u6cc1\u306e\u8a73\u7d30\u306b\u3064\u3044\u3066\u306f\u3001<a href=\"https:\/\/security.paloaltonetworks.com\/CVE-2022-0778\" target=\"_blank\" rel=\"noopener\">Palo Alto Networks Security Advisories<\/a>\u306b\u3066\u3054\u78ba\u8a8d\u304f\u3060\u3055\u3044\u3002<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Fortinet\"><\/span>Fortinet<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>FortiGate\u88fd\u54c1\u306eCVE-2022-0778\u5bfe\u7b56\u3068\u3057\u3066\u88fd\u54c1\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u30a2\u30c3\u30d7\u304c\u63a8\u5968\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>FortiOS<\/p>\n<p>6.4.9, 7.0.6, 7.2.0\u3067\u4fee\u6b63\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>FortiClient Windows<\/p>\n<p>6.4.9, 7.0.4\u3067\u4fee\u6b63\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>\u5bfe\u5fdc\u3059\u308b\u30b7\u30b0\u30cd\u30c1\u30e3(\u4eca\u5f8c\u8ffd\u52a0\u3055\u308c\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002)<\/p>\n<ul>\n<li>Elliptic.Curve.Public.Key.Handling.DoS(ID:51345)<\/li>\n<\/ul>\n<p>\u5bfe\u5fdc\u72b6\u6cc1\u306e\u8a73\u7d30\u306b\u3064\u3044\u3066\u306f\u3001<a href=\"https:\/\/www.fortiguard.com\/psirt\/FG-IR-22-059\" target=\"_blank\" rel=\"noopener\">FortiGuardLabs<\/a>\u306b\u3066\u3054\u78ba\u8a8d\u304f\u3060\u3055\u3044\u3002<\/p>\n<h3><span class=\"ez-toc-section\" id=\"F5_Networks\"><\/span>F5 Networks<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>F5 Networks\u88fd\u54c1\u306eCVE-2022-0778\u5bfe\u7b56\u3068\u3057\u3066\u88fd\u54c1\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u30a2\u30c3\u30d7\u304c\u63a8\u5968\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>BIG-IP<\/p>\n<p>13.1.5, 14.1.4.6, 15.1.5.1, 16.1.2.2, 17.0.0\u3067\u4fee\u6b63\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>\u203b\u30b3\u30f3\u30c8\u30ed\u30fc\u30eb\u30d7\u30ec\u30fc\u30f3\u306b\u3064\u3044\u3066\u306f\u3001\u7de9\u548c\u7b56\u304c\u30e1\u30fc\u30ab\u30fc\u30b5\u30a4\u30c8\u306b\u516c\u958b\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>BIG-IP Edge Client<\/p>\n<p>7.2.1.5, 7.2.2.1\u3067\u4fee\u6b63\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>\u5bfe\u5fdc\u3059\u308b\u30b7\u30b0\u30cd\u30c1\u30e3(\u4eca\u5f8c\u8ffd\u52a0\u3055\u308c\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002)<\/p>\n<ul>\n<li>\u73fe\u5728\uff082022\/06\/02\uff09\u5f53\u30b0\u30eb\u30fc\u30d7\u8abf\u67fb\u306e\u7bc4\u56f2\u3067\u306f\u3001\u8a72\u5f53\u3059\u308b\u30b7\u30b0\u30cd\u30c1\u30e3\u306e\u60c5\u5831\u306f\u78ba\u8a8d\u51fa\u6765\u307e\u305b\u3093\u3067\u3057\u305f\u3002\n<ul>\n<li>\u3059\u3067\u306b\u5b9f\u6a5f\u4e0a\u306b\u306f\u914d\u4fe1\u3055\u308c\u3066\u3044\u308b\u53ef\u80fd\u6027\u3082\u3042\u308a\u307e\u3059\u3002<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>\u5bfe\u5fdc\u72b6\u6cc1\u306e\u8a73\u7d30\u306b\u3064\u3044\u3066\u306f\u3001<a href=\"https:\/\/support.f5.com\/csp\/article\/K31323265\" target=\"_blank\" rel=\"noopener\">AskF5\u306e\u30ec\u30dd\u30fc\u30c8<\/a>\u306b\u3066\u3054\u78ba\u8a8d\u304f\u3060\u3055\u3044\u3002<\/p>\n<h3><span class=\"ez-toc-section\" id=\"SonicWall\"><\/span>SonicWall<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>SonicWall\u88fd\u54c1\u306eCVE-2022-0778\u5bfe\u7b56\u3068\u3057\u3066\u88fd\u54c1\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u30a2\u30c3\u30d7\u304c\u63a8\u5968\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>SonicOS<\/p>\n<p>5.9.2.14, 6.5.4.10-95n, 7.0.1-5052\u3067\u4fee\u6b63\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>\u5bfe\u5fdc\u3059\u308b\u30b7\u30b0\u30cd\u30c1\u30e3(\u4eca\u5f8c\u8ffd\u52a0\u3055\u308c\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002)<\/p>\n<ul>\n<li>OpenSSL BN_mod_sqrt Function DoS 1(ID:15407)<\/li>\n<li>OpenSSL BN_mod_sqrt Function DoS 2(ID:15491)<\/li>\n<li>OpenSSL BN_mod_sqrt Function DoS 3(ID:15351)<\/li>\n<li>OpenSSL BN_mod_sqrt Function DoS 4(ID:15755)<\/li>\n<\/ul>\n<p>\u5bfe\u5fdc\u72b6\u6cc1\u306e\u8a73\u7d30\u306b\u3064\u3044\u3066\u306f\u3001<a href=\"https:\/\/www.sonicwall.com\/support\/product-notification\/openssl-infinite-loop-vulnerability-cve-2022-0778-impact-on-sonicwall-edge-appliances-ngfw-sma-vpn-clients\/220412121029153\/\" target=\"_blank\" rel=\"noopener\">SonicWall\u306e\u30b5\u30dd\u30fc\u30c8\u30da\u30fc\u30b8<\/a>\u3068<a href=\"https:\/\/psirt.global.sonicwall.com\/vuln-detail\/SNWLID-2022-0002\" target=\"_blank\" rel=\"noopener\">SonicWall\u306e\u8106\u5f31\u6027\u30ec\u30dd\u30fc\u30c8<\/a>\u306b\u3066\u3054\u78ba\u8a8d\u304f\u3060\u3055\u3044\u3002<\/p>\n<h3><span class=\"ez-toc-section\" id=\"A10_Networks\"><\/span>A10 Networks<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>A10 Networks\u88fd\u54c1\u306eCVE-2022-0778\u5bfe\u7b56\u3068\u3057\u3066\u88fd\u54c1\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u30a2\u30c3\u30d7\u304c\u63a8\u5968\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>ACOS<\/p>\n<p>4.1.4-GR1-P10, 5.0.2-P2 TPS, 5.2.1-P5\u3067\u4fee\u6b63\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>\u203b\u30c7\u30fc\u30bf\u30d7\u30ec\u30fc\u30f3\u3068\u30de\u30cd\u30b8\u30e1\u30f3\u30c8\u30d7\u30ec\u30fc\u30f3\u306b\u3064\u3044\u3066\u306f\u3001\u305d\u308c\u305e\u308c\u7de9\u548c\u7b56\u304c\u30e1\u30fc\u30ab\u30fc\u30b5\u30a4\u30c8\u306b\u516c\u958b\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>\u5bfe\u5fdc\u3059\u308b\u30b7\u30b0\u30cd\u30c1\u30e3(\u4eca\u5f8c\u8ffd\u52a0\u3055\u308c\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002)<\/p>\n<ul>\n<li>\u73fe\u5728\uff082022\/06\/02\uff09\u5f53\u30b0\u30eb\u30fc\u30d7\u8abf\u67fb\u306e\u7bc4\u56f2\u3067\u306f\u3001\u8a72\u5f53\u3059\u308b\u30b7\u30b0\u30cd\u30c1\u30e3\u306e\u60c5\u5831\u306f\u78ba\u8a8d\u51fa\u6765\u307e\u305b\u3093\u3067\u3057\u305f\u3002<br \/>\n\u203b\u3059\u3067\u306b\u5b9f\u6a5f\u4e0a\u306b\u306f\u914d\u4fe1\u3055\u308c\u3066\u3044\u308b\u53ef\u80fd\u6027\u3082\u3042\u308a\u307e\u3059\u3002<\/li>\n<\/ul>\n<p>\u5bfe\u5fdc\u72b6\u6cc1\u306e\u8a73\u7d30\u306b\u3064\u3044\u3066\u306f\u3001<a href=\"https:\/\/support.a10networks.com\/support\/security_advisory\/ssl-cve-2022-0778\/\" target=\"_blank\" rel=\"noopener\">A10 Networks\u306e\u30ec\u30dd\u30fc\u30c8<\/a>\u306b\u3066\u3054\u78ba\u8a8d\u304f\u3060\u3055\u3044\u3002<\/p>\n<h2><span class=\"ez-toc-section\" id=\"%E3%81%BE%E3%81%A8%E3%82%81\"><\/span>\u307e\u3068\u3081<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>CVE-2022-0778\u306f\u3001OpenSSL\u304c\u4e0d\u6b63\u306b\u7d30\u5de5\u3055\u308c\u305f\u8a3c\u660e\u66f8\u3092\u51e6\u7406\u3059\u308b\u3053\u3068\u3067\u7121\u9650\u30eb\u30fc\u30d7\u3092\u5f15\u304d\u8d77\u3053\u3057\u3001\u30b5\u30fc\u30d3\u30b9\u63d0\u4f9b\u4e0d\u80fd\u72b6\u614b\u306b\u9665\u308b\u6050\u308c\u306e\u3042\u308b\u8106\u5f31\u6027\u3067\u3059\u3002<\/p>\n<p>\u591a\u304f\u306e\u30e6\u30fc\u30b6\u74b0\u5883\u306b\u304a\u3044\u3066\u3001\u3053\u306e\u8106\u5f31\u6027\u3092\u60aa\u7528\u3055\u308c\u3001\u5f71\u97ff\u3092\u53d7\u3051\u308b\u6050\u308c\u304c\u3042\u308b\u3082\u306e\u306f\u3001HTTPS\u3092\u7528\u3044\u305fWeb\u30a2\u30af\u30bb\u30b9\u3068\u601d\u308f\u308c\u307e\u3059\u3002<\/p>\n<p>\u3057\u304b\u3057\u3001\u4e00\u822c\u7684\u306b\u30a4\u30f3\u30bf\u30fc\u30cd\u30c3\u30c8\u4e0a\u306b\u516c\u958b\u3055\u308c\u3066\u3044\u308bWeb\u30b5\u30a4\u30c8\u306b\u4e0d\u6b63\u306b\u7d30\u5de5\u3055\u308c\u305f\u8a3c\u660e\u66f8\u304c\u4f7f\u308f\u308c\u3066\u3044\u308b\u53ef\u80fd\u6027\u306f\u975e\u5e38\u306b\u4f4e\u304f\u3001\u73fe\u5728\uff082022\/06\/02\uff09\u5f53\u30b0\u30eb\u30fc\u30d7\u8abf\u67fb\u306e\u7bc4\u56f2\u3067\u3053\u306e\u8106\u5f31\u6027\u3092\u60aa\u7528\u3057\u305f\u6df1\u523b\u306a\u653b\u6483\u3092\u78ba\u8a8d\u3067\u304d\u3066\u304a\u308a\u307e\u305b\u3093\u3002<\/p>\n<p>\u305d\u306e\u305f\u3081\u3001CVSS\u5024\u306f\u9ad8\u3044\u5024\u3068\u306a\u3063\u3066\u3044\u307e\u3059\u304c\u3001\u30e6\u30fc\u30b6\u74b0\u5883\u6b21\u7b2c\u3067\u306f\u3001\u3053\u306e\u8106\u5f31\u6027\u5358\u4f53\u3067\u305d\u308c\u307b\u3069\u5927\u304d\u306a\u5f71\u97ff\u304c\u3042\u308b\u3082\u306e\u3067\u306f\u306a\u3044\u3068\u8003\u3048\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>\u3057\u304b\u3057\u306a\u304c\u3089\u3001\u6839\u672c\u5bfe\u7b56\u306b\u306f\u30d9\u30f3\u30c0\u30fc\u304c\u516c\u958b\u3057\u3066\u3044\u308b\u60c5\u5831\u306b\u3082\u3068\u3065\u3044\u3066\u5bfe\u5fdc\u304c\u5fc5\u8981\u306a\u3053\u3068\u306b\u5909\u308f\u308a\u306f\u3042\u308a\u307e\u305b\u3093\u3002<\/p>\n<p>\u79c1\u306f\u3001\u3053\u306e\u8106\u5f31\u6027\u306e\u8abf\u67fb\u3092\u901a\u3058\u3066\u3001CVSS\u306e\u30b9\u30b3\u30a2\u304c\u9ad8\u3044\u8106\u5f31\u6027\u3067\u3082\u3001\u30e6\u30fc\u30b6\u74b0\u5883\u3084\u30b7\u30b9\u30c6\u30e0\u306e\u4f7f\u7528\u65b9\u6cd5\u306b\u3088\u3063\u3066\u5f71\u97ff\u304c\u5c0f\u3055\u3044\u3053\u3068\u3082\u3042\u308b\u3068\u5b66\u3073\u307e\u3057\u305f\u3002\u305d\u3057\u3066\u3001\u8106\u5f31\u6027\u306e\u5185\u5bb9\u30fb\u5f71\u97ff\u306e\u6b63\u78ba\u306a\u628a\u63e1\u3068\u30e6\u30fc\u30b6\u74b0\u5883\u306e\u904b\u7528\u76e3\u8996\u3092\u65e5\u5e38\u7684\u306b\u884c\u3046\u3053\u3068\u3067\u3001\u3059\u3050\u306b\u7570\u5e38\u306b\u6c17\u3065\u3051\u308b\u4f53\u5236\u306e\u69cb\u7bc9\u3068\u8fc5\u901f\u306b\u7570\u5e38\u3078\u306e\u5bfe\u51e6\u304c\u3067\u304d\u308b\u74b0\u5883\u3092\u76ee\u6307\u3059\u3053\u3068\u304c\u91cd\u8981\u3068\u611f\u3058\u307e\u3057\u305f\u3002<\/p>\n<p>\u6700\u5f8c\u306b\u3001\u30e6\u30fc\u30b6\u74b0\u5883\u306b\u304a\u3051\u308b\u7dca\u6025\u3067\u306e\u6839\u672c\u5bfe\u7b56\u306e\u8981\u5426\u306f\u74b0\u5883\u306b\u3088\u3063\u3066\u7570\u306a\u308a\u307e\u3059\u306e\u3067\u3001\u8cfc\u5165\u5143\u306e\u4ee3\u7406\u5e97\u69d8\u3084\u904b\u7528\u30fb\u4fdd\u5b88\u30d9\u30f3\u30c0\u30fc\u69d8\u3078\u304a\u554f\u3044\u5408\u308f\u305b\u304f\u3060\u3055\u3044\u3002<\/p>\n<p>\u6700\u5f8c\u307e\u3067\u304a\u8aad\u307f\u3044\u305f\u3060\u304d\u3042\u308a\u304c\u3068\u3046\u3054\u3056\u3044\u307e\u3057\u305f\uff01\u7686\u69d8\u306e\u304a\u5f79\u306b\u305f\u3066\u307e\u3059\u3068\u5e78\u3044\u3067\u3059\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"\u30bb\u30ad\u30e5\u30a2\u30f4\u30a7\u30a4\u30eb\u306e\u65b0\u5165\u793e\u54e1\u3068\u306a\u308a\u307e\u3057\u305f\u65b0\u793e\u4f1a\u4eba 0x90 \u304cOpenSSL \u306e\u8106\u5f31\u6027\u3067\u3042\u308bCVE-2022-0778\u306e\u5404UTM\/IPS\/WAF\u306e\u5bfe\u5fdc\u72b6\u6cc1\u3092\u6295\u7a3f\u3057\u307e\u3059\u3002 \u203b\u672c\u8a18\u4e8b\u306e\u5185\u5bb9\u306f\u30012022\u5e746\u67082\u65e5\u73fe\u5728\u306e\u516c\u958b\u60c5\u5831\u3092 [&hellip;]","protected":false},"author":29,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[49,55,56,59],"tags":[47,28,19,18,43],"class_list":["post-11621","post","type-post","status-publish","format-standard","hentry","category-nw-device","category-paloalto","category-fortigate","category-big-ip","tag-a10","tag-big-ip","tag-fortigate","tag-paloalto","tag-sonicwall"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.secuavail.com\/kb\/wp-json\/wp\/v2\/posts\/11621","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.secuavail.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.secuavail.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.secuavail.com\/kb\/wp-json\/wp\/v2\/users\/29"}],"replies":[{"embeddable":true,"href":"https:\/\/www.secuavail.com\/kb\/wp-json\/wp\/v2\/comments?post=11621"}],"version-history":[{"count":7,"href":"https:\/\/www.secuavail.com\/kb\/wp-json\/wp\/v2\/posts\/11621\/revisions"}],"predecessor-version":[{"id":11624,"href":"https:\/\/www.secuavail.com\/kb\/wp-json\/wp\/v2\/posts\/11621\/revisions\/11624"}],"wp:attachment":[{"href":"https:\/\/www.secuavail.com\/kb\/wp-json\/wp\/v2\/media?parent=11621"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.secuavail.com\/kb\/wp-json\/wp\/v2\/categories?post=11621"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.secuavail.com\/kb\/wp-json\/wp\/v2\/tags?post=11621"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}