Macnica Attack Surface Management
Service overview
- This is the contact point for inquiries when you are having difficulty making a judgment regarding a detection alert that has occurred in the ASM tool you are using.
- In principle, all services and tools related to ASM, which detects publicly available assets and conducts risk investigations, are eligible for support, regardless of vendor type.
- If you contact us about a detection alert, our security professionals will conduct additional investigations and advise on how to deal with the issue.
- Tickets for this service are purchased on a yearly basis, and one ticket is used per inquiry (questions about individual assets are counted per asset).
Service details
| Item | Content | Notes |
| --- | --- | --- |
| Business hours | Our business days/hours | 9:00-17:00 (excluding Saturdays, Sundays, public holidays, and our company's holidays) |
| Supported language | Japanese only | Both questions and answers will be provided in Japanese. |
| Number of cases that can be accepted | Number of tickets purchased *Valid for one year | One ticket will be consumed for each inquiry (or for each asset-specific question). Even if the number of tickets consumed in a year is less than the number of tickets purchased, tickets cannot be carried over to the following year. |
| Inquiry and response method | In principle, inquiries will only be accepted via email. | |
| Survey scope | Publicly available information | The investigation will be limited to the scope of publicly available information. For alerts that may be environment-dependent, we may ask you to confirm their accuracy. *If we determine that it is difficult to provide advice, we will inform you without consuming a ticket. *For inquiries regarding product specifications, please contact the vendor that introduced the product. |
Service provision flow
Sample response (asset perspective)
Your response
■Inquiry details
The ASM product we use has detected the following IP address as a company-related asset. There is no domain information, so I'm unsure whether it is a company asset or not. Is there any additional information I can provide?
Target asset IP: xx.xx.xx.xx
■Response
[Summary]
Upon checking, we found that the target asset has port 3389 (RDP) open and the certificate lists "host.example.com".
The organization name of example.com in whois is XXXXXXXXX, and we have determined that it is a domain related to your company.
Therefore, the above IP is considered to be an asset related to your company.
[Details]
The target asset has port 3389 (RDP) open and the certificate lists "host.example.com".
The organization name of example.com in whois is XXXXXXXXX, and we have determined that it is a domain related to your company.
The IP address you shared is owned by the XX telecommunications company, so it is likely that your mobile PC or other device has been directly assigned a global IP address and is publicly available.
3389 (RDP) can be exploited as an intrusion route by attackers, so we recommend taking measures such as disabling the RDP function and restricting the sources that can connect.
Sample response (risk perspective)
Your response
■Inquiry details
The ASM product we use has detected CVE-2025-6770/CVE-2025-6771 as High severity in an Ivanti product we own.
At present, it is difficult to respond immediately, so I am contacting you to determine whether this vulnerability requires immediate action.
Target asset IP: xx.xx.xx.xx
Target asset FQDN: epm.company.example.com
Target asset product: Ivanti Endpoint Manager
Target asset version: 12.5.0.1
■Response
[Summary]
The vulnerabilities you inquired about, CVE-2025-6770/CVE-2025-6771, are classified as Medium risk in our company's risk definition, and we recommend addressing them during regular maintenance. Therefore, we have determined that no immediate action is necessary.
*Risk definition
Critical: Risks that require immediate action
High: Risk that requires immediate action
Medium: Risks that are unlikely to lead to immediate serious security risks, but that should be addressed in the medium to long term
Low: Indicators for understanding the condition of assets
[Details]
The vulnerabilities CVE-2025-6770/CVE-2025-6771 can only be exploited by a user with high privileges, and no exploitation has been confirmed. Furthermore, the impact of exploitation is privilege escalation, and these are not vulnerabilities that immediately lead to an intrusion, such as RCE, so the severity has been rated as Medium.
When we accessed the assets you shared with us, we were unable to find a login screen, so we believe it is unlikely that someone would attempt to log in to gain the above-mentioned high privileges.
Additionally, if used in conjunction with the exploitation of an authentication bypass vulnerability such as CVE-2025-4427, it may be possible to gain elevated privileges, but based on the version information you shared, the relevant authentication bypass vulnerability was not confirmed.
For the reasons stated above, we have determined that no immediate action is necessary.
*Vulnerability information
Vulnerability number: CVE-2025-6770
CVSS: 7.2
Improper input validation could lead to elevation of privilege
This vulnerability could allow a remote user to elevate their privileges on the system. The vulnerability is due to improper input validation. A remote privileged user could pass crafted data to the application and execute arbitrary OS commands on the targeted system.
Reference:
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2025-6770-CVE-2025-6771?language=en_US
Vulnerability number: CVE-2025-6771
CVSS: 7.2
Improper input validation could lead to elevation of privilege
This vulnerability could allow a remote user to elevate their privileges on the system. The vulnerability is due to improper input validation. A remote privileged user could pass crafted data to the application and execute arbitrary OS commands on the targeted system.
Reference:
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2025-6770-CVE-2025-6771?language=en_US
Affected versions
Ivanti Endpoint Manager Mobile 12.5.0.1 or lower, 12.4.0.2 or lower, 12.3.0.2 or lower
Disclaimer
- The judgments we provide through this service are those we believe to be reasonable and appropriate at the time of investigation, but we do not guarantee that they are correct. Furthermore, even if you consult us, we cannot guarantee a final solution. Please be aware of this.
- There are no SLOs provided with this service.
- This service cannot answer questions about specific solutions (such as changing settings or fixing vulnerabilities). Please contact the respective manufacturer or vendor for solutions.
Inquiry/Document request
Macnica Macnica ASM
- TEL:045-476-2010
- E-mail:sec-service@macnica.co.jp
Weekdays: 9:00-17:00