內容說明：

CISA於1/29至2/4在Kown Exploited Vulnerabilities Catalog(KEV)中發佈2個已遭駭客利用之漏洞。

 

影響平台：

受影響廠商與產品名稱如下：
Ivanti多項產品(Connect Secure、Policy Secure及Neurons)
Apple多項產品(iOS、iPadOS、macOS、tvOS及watchOS)

 

處置建議：

修補說明請參考以下官方連結

Ivanti多項產品(Connect Secure、Policy Secure及Neurons)：
https://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US

Apple多項產品(iOS、iPadOS、macOS、tvOS及watchOS)：
https://support.apple.com/en-us/HT213530
https://support.apple.com/en-us/HT213532
https://support.apple.com/en-us/HT213535
https://support.apple.com/en-us/HT213536
 

CVE編號：

CVE-2022-48618
CVE-2024-21893

 

參考資料：

1. https://www.cisa.gov/known-exploited-vulnerabilities-catalog
2. https://nvd.nist.gov/vuln/detail/CVE-2022-48618
3. https://nvd.nist.gov/vuln/detail/CVE-2024-21893
4. https://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
5. https://support.apple.com/en-us/HT213530
6. https://support.apple.com/en-us/HT213532
7. https://support.apple.com/en-us/HT213535
8. https://support.apple.com/en-us/HT213536