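Description:
Between 1/29 and 2/4, CISA published 2 vulnerabilities already exploited by attackers in the Known Exploited Vulnerabilities Catalog (KEV).
Affected platforms:
The affected vendors and products are as follows:
Multiple Ivanti products (Connect Secure, Policy Secure and Neurons)
Multiple Apple products (iOS, iPadOS, macOS, tvOS and watchOS)
Recommended actions:
For patch information, refer to the following official links.
Multiple Ivanti products (Connect Secure, Policy Secure and Neurons):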
https://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
Multiple Apple products (iOS, iPadOS, macOS, tvOS and watchOS):
https://support.apple.com/en-us/HT213530
https://support.apple.com/en-us/HT213532
https://support.apple.com/en-us/HT213535
https://support.apple.com/en-us/HT213536
CVE IDs:
CVE-2022-48618
CVE-2024-21893
References:
1. https://www.cisa.gov/known-exploited-vulnerabilities-catalog
2. https://nvd.nist.gov/vuln/detail/CVE-2022-48618
3. https://nvd.nist.gov/vuln/detail/CVE-2024-21893
4. https://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
5. https://support.apple.com/en-us/HT213530
6. https://support.apple.com/en-us/HT213532
7. https://support.apple.com/en-us/HT213535
8. https://support.apple.com/en-us/HT213536