202411

cve api

% curl "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-47575" | jq .
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  4878  100  4878    0     0   2318      0  0:00:02  0:00:02 --:--:--  2319
{
  "resultsPerPage": 1,
  "startIndex": 0,
  "totalResults": 1,
  "format": "NVD_CVE",
  "version": "2.0",
  "timestamp": "2024-11-04T11:29:46.623",
  "vulnerabilities": [
    {
      "cve": {
        "id": "CVE-2024-47575",
        "sourceIdentifier": "[email protected]",
        "published": "2024-10-23T15:15:30.707",
        "lastModified": "2024-10-24T18:56:47.930",
        "vulnStatus": "Analyzed",
        "cveTags": [],
        "cisaExploitAdd": "2024-10-23",
        "cisaActionDue": "2024-11-13",
        "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
        "cisaVulnerabilityName": "Fortinet FortiManager Missing Authentication Vulnerability",
        "descriptions": [
          {
            "lang": "en",
            "value": "A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.13, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests."
          },
          {
            "lang": "es",
            "value": "Una autenticación faltante para una función crítica en FortiManager 7.6.0, FortiManager 7.4.0 a 7.4.4, FortiManager 7.2.0 a 7.2.7, FortiManager 7.0.0 a 7.0.12, FortiManager 6.4.0 a 6.4.14, FortiManager 6.2.0 a 6.2.12, Fortinet FortiManager Cloud 7.4.1 a 7.4.4, FortiManager Cloud 7.2.1 a 7.2.7, FortiManager Cloud 7.0.1 a 7.0.13, FortiManager Cloud 6.4.1 a 6.4.7 permite a un atacante ejecutar código o comandos arbitrarios a través de solicitudes especialmente manipuladas."
          }
        ],
        "metrics": {
          "cvssMetricV31": [
            {
              "source": "[email protected]",
              "type": "Primary",
              "cvssData": {
                "version": "3.1",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "attackVector": "NETWORK",
                "attackComplexity": "LOW",
                "privilegesRequired": "NONE",
                "userInteraction": "NONE",
                "scope": "UNCHANGED",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 5.9
            },
            {
              "source": "[email protected]",
              "type": "Secondary",
              "cvssData": {
                "version": "3.1",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "attackVector": "NETWORK",
                "attackComplexity": "LOW",
                "privilegesRequired": "NONE",
                "userInteraction": "NONE",
                "scope": "UNCHANGED",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 5.9
            }
          ]
        },
        "weaknesses": [
          {
            "source": "[email protected]",
            "type": "Primary",
            "description": [
              {
                "lang": "en",
                "value": "CWE-306"
              }
            ]
          }
        ],
        "configurations": [
          {
            "nodes": [
              {
                "operator": "OR",
                "negate": false,
                "cpeMatch": [
                  {
                    "vulnerable": true,
                    "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                    "versionStartIncluding": "6.2.0",
                    "versionEndExcluding": "6.2.13",
                    "matchCriteriaId": "D7E60883-7F64-4C22-99F9-802A7623DAE0"
                  },
                  {
                    "vulnerable": true,
                    "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                    "versionStartIncluding": "6.4.0",
                    "versionEndExcluding": "6.4.15",
                    "matchCriteriaId": "D2AD66B0-9C99-4F83-80AA-B54E6354ADFD"
                  },
                  {
                    "vulnerable": true,
                    "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                    "versionStartIncluding": "7.0.0",
                    "versionEndExcluding": "7.0.13",
                    "matchCriteriaId": "37456E27-0EE2-4AF8-B92F-A5284FEC0409"
                  },
                  {
                    "vulnerable": true,
                    "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                    "versionStartIncluding": "7.2.0",
                    "versionEndExcluding": "7.2.8",
                    "matchCriteriaId": "01E63E1E-4084-4C73-862F-A4CC07914C23"
                  },
                  {
                    "vulnerable": true,
                    "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                    "versionStartIncluding": "7.4.0",
                    "versionEndExcluding": "7.4.5",
                    "matchCriteriaId": "0666260A-1327-4C43-A841-04FB4459449C"
                  },
                  {
                    "vulnerable": true,
                    "criteria": "cpe:2.3:a:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "0141F06A-F5FE-4DF3-B60E-DD76A1AD8A56"
                  },
                  {
                    "vulnerable": true,
                    "criteria": "cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*",
                    "versionStartIncluding": "6.4.1",
                    "versionEndIncluding": "6.4.7",
                    "matchCriteriaId": "5BB52FA5-7811-4123-8989-59369583F82F"
                  },
                  {
                    "vulnerable": true,
                    "criteria": "cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*",
                    "versionStartIncluding": "7.0.1",
                    "versionEndExcluding": "7.0.13",
                    "matchCriteriaId": "29B3A5F2-3121-4902-BBB6-8B4D07767F77"
                  },
                  {
                    "vulnerable": true,
                    "criteria": "cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*",
                    "versionStartIncluding": "7.2.1",
                    "versionEndExcluding": "7.2.8",
                    "matchCriteriaId": "E3A26BF0-DF69-42F6-B9D8-D3BEE3DD352C"
                  },
                  {
                    "vulnerable": true,
                    "criteria": "cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*",
                    "versionStartIncluding": "7.4.1",
                    "versionEndExcluding": "7.4.5",
                    "matchCriteriaId": "6E0BCF26-B311-4FFF-866B-3DCA14A26268"
                  }
                ]
              }
            ]
          }
        ],
        "references": [
          {
            "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-423",
            "source": "[email protected]",
            "tags": [
              "Exploit",
              "Mitigation",
              "Vendor Advisory"
            ]
          }
        ]
      }
    }
  ]
}

% cat << EOF | xargs -p -t  -I _ curl -s "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=_" | jq '.vulnerabilities[0].cve.descriptions[]|select(.lang == "en")'
CVE-2024-47575
CVE-2024-9379
EOF

curl -s https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-47575?...y
curl -s https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-9379?...y
{
  "lang": "en",
  "value": "A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.13, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests."
}
{
  "lang": "en",
  "value": "SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements."
}

ss.nb

  • スペクトラム拡散

ハロン系消火剤について

  • ハロン1301
    • 一臭化三ふっ化メタン
    • 窒息消火作用と負触媒作用による燃焼サイクルの抑制がある.
    • 臭素ラジカルが熱分解されたHやOHに作用し,BrHを形成,より活性なOHとBrHのHが結合し,H2OとBrとなる.Brは再びHと結合しこのサイクルが継続される.(負触媒効果)
      • つまり生成されるのは水蒸気
    • フロンガスなどと同様オゾン層を破壊する特性をもつので,新規に配備される施設は限定されている(通信機器室,サーバ室,など)
  • 液体の入ったカプセルを投げるだけで消化できる製品もあるが,これの内容物は炭酸カリウムなどであり,このハロン系消火剤と同様の仕組みで消化する.
    • カリウムが負触媒となる.
  • ハロンddddとよく呼ばれるが,この数値は元素の数を示していると思われる.
    • 1234番目の数字がそれぞれC,F,Cl,Brの元素数に対応する.

MoIPについて

  • SMPTE ST2110
    • 動作仕様上時刻同期(PTP)が必要.
  • SMPTE ST2022-7
    • 冗長性の確保のための規定
      • 基本的には冗長系のすべてに対して同様のデータを送出し,早く受信したデータ(?)を採用することで冗長性を担保する.
  • マルチキャストを用いるケースが増えてきている.
    • IGMP, PIMなどのプロトコルの理解が必要

グライドスロープ,ローカライザ等の計器着陸系のしくみ

  • GL
  • LOC
  • VOR
  • DME

みえないトラシューで切り分けしていくコツ

  • トラブルがないものと比較できる(比較対象が存在する場合)は比較する.
  • トライアンドエラーするなら小さいドメインからやっていく.いきなり大きく買えると何が変化要因(根本原因)であったかが不明となる.