米国土安全保障省サイバーセキュリティ・インフラストラクチャセキュリティ庁(CISA: Cybersecurity and Infrastructure Security Agency)は3月25日(米国時間)、「CISA Adds 66 Known Exploited Vulnerabilities to Catalog|CISA」において、「Known Exploited Vulnerabilities Catalog」に66個の脆弱性を追加したと伝えた。これら脆弱性はサイバー犯罪者によって悪用されていることが確認されている。迅速に確認を行いたい。
カタログに追加された脆弱性は次のとおり。
| CVE番号 | 脆弱性の内容 |
|---|---|
| CVE-2022-26318 | WatchGuard Firebox and XTM Appliances Arbitrary Code Execution |
| CVE-2022-26143 | MiCollab, MiVoice Business Express Access Control Vulnerability |
| CVE-2022-21999 | Microsoft Windows Print Spooler Privilege Escalation Vulnerability |
| CVE-2021-42237 | Sitecore XP Remote Command Execution Vulnerability |
| CVE-2021-22941 | Citrix ShareFile Improper Access Control Vulnerability |
| CVE-2020-9377 | D-Link DIR-610 Devices Remote Command Execution |
| CVE-2020-9054 | Zyxel Multiple NAS Devices OS Command Injection Vulnerability |
| CVE-2020-7247 | OpenSMTPD Remote Code Execution Vulnerability |
| CVE-2020-5410 | VMware Tanzu Spring Cloud Config Directory Traversal Vulnerability |
| CVE-2020-25223 | Sophos SG UTM Remote Code Execution Vulnerability |
| CVE-2020-2506 | QNAP Helpdesk Improper Access Control Vulnerability |
| CVE-2020-2021 | Palo Alto PAN-OS Authentication Bypass Vulnerability |
| CVE-2020-1956 | Apache Kylin OS Command Injection Vulnerability |
| CVE-2020-1631 | Juniper Junos OS Path Traversal Vulnerability |
| CVE-2019-6340 | Drupal Core Remote Code Execution Vulnerability |
| CVE-2019-2616 | Oracle BI Publisher Unauthorized Access Vulnerability |
| CVE-2019-16920 | D-Link Multiple Routers Command Injection Vulnerability |
| CVE-2019-15107 | Webmin Command Injection Vulnerability |
| CVE-2019-12991 | Citrix SD-WAN and NetScaler Command Injection Vulnerability |
| CVE-2019-12989 | Citrix SD-WAN and NetScaler SQL Injection Vulnerability |
| CVE-2019-11043 | PHP FastCGI Process Manager (FPM) Buffer Overflow Vulnerability |
| CVE-2019-10068 | Kentico Xperience Deserialization of Untrusted Data Vulnerability |
| CVE-2019-1003030 | Jenkins Matrix Project Plugin Remote Code Execution Vulnerability |
| CVE-2019-0903 | Microsoft GDI Remote Code Execution Vulnerability |
| CVE-2018-8414 | Microsoft Windows Shell Remote Code Execution Vulnerability |
| CVE-2018-8373 | Microsoft Scripting Engine Memory Corruption Vulnerability |
| CVE-2018-6961 | VMware SD-WAN Edge by VeloCloud Command Injection Vulnerability |
| CVE-2018-14839 | LG N1A1 NAS Remote Command Execution Vulnerability |
| CVE-2018-1273 | VMware Tanzu Spring Data Commons Property Binder Vulnerability |
| CVE-2018-11138 | Quest KACE System Management Appliance Remote Command Execution Vulnerability |
| CVE-2018-0147 | Cisco Secure Access Control System Java Deserialization Vulnerability |
| CVE-2018-0125 | Cisco VPN Routers Remote Code Execution Vulnerability |
| CVE-2017-6334 | NETGEAR DGN2200 Devices OS Command Injection Vulnerability |
| CVE-2017-6316 | Citrix Multiple Products Remote Code Execution Vulnerability |
| CVE-2017-3881 | Cisco IOS and IOS XE Remote Code Execution Vulnerability |
| CVE-2017-12617 | Apache Tomcat Remote Code Execution Vulnerability |
| CVE-2017-12615 | Apache Tomcat on Windows Remote Code Execution Vulnerability |
| CVE-2017-0146 | Microsoft Windows SMB Remote Code Execution Vulnerability |
| CVE-2016-7892 | Adobe Flash Player Use-After-Free Vulnerability |
| CVE-2016-4171 | Adobe Flash Player Remote Code Execution Vulnerability |
| CVE-2016-1555 | NETGEAR Multiple WAP Devices Command Injection Vulnerability |
| CVE-2016-11021 | D-Link DCS-930L Devices OS Command Injection Vulnerability |
| CVE-2016-10174 | NETGEAR WNR2000v5 Router Buffer Overflow Vulnerability |
| CVE-2016-0752 | Ruby on Rails Directory Traversal Vulnerability |
| CVE-2015-4068 | Arcserve Unified Data Protection (UDP) Directory Traversal Vulnerability |
| CVE-2015-3035 | TP-Link Multiple Archer Devices Directory Traversal Vulnerability |
| CVE-2015-1427 | Elasticsearch Groovy Scripting Engine Remote Code Execution Vulnerability |
| CVE-2015-1187 | D-Link and TRENDnet Multiple Devices Remote Code Execution Vulnerability |
| CVE-2015-0666 | Cisco Prime Data Center Network Manager (DCNM) Directory Traversal Vulnerability |
| CVE-2014-6332 | Microsoft Windows OLE Automation Array Remote Code Execution Vulnerability |
| CVE-2014-6324 | Microsoft Kerberos Key Distribution Center (KDC) Privilege Escalation Vulnerability |
| CVE-2014-6287 | Rejetto HTTP File Server (HFS) Remote Code Execution Vulnerability |
| CVE-2014-3120 | Elasticsearch Remote Code Execution Vulnerability |
| CVE-2014-0130 | Ruby on Rails Directory Traversal Vulnerability |
| CVE-2013-5223 | D-Link DSL-2760U Gateway Cross-Site Scripting Vulnerability |
| CVE-2013-4810 | HP Multiple Products Remote Code Execution Vulnerability |
| CVE-2013-2251 | Apache Struts Improper Input Validation Vulnerability |
| CVE-2012-1823 | PHP-CGI Query String Parameter Vulnerability |
| CVE-2010-4345 | Exim Privilege Escalation Vulnerability |
| CVE-2010-4344 | Exim Heap-Based Buffer Overflow Vulnerability |
| CVE-2010-3035 | Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability |
| CVE-2010-2861 | Adobe ColdFusion Directory Traversal Vulnerability |
| CVE-2009-2055 | Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability |
| CVE-2009-1151 | phpMyAdmin Remote Code Execution Vulnerability |
| CVE-2009-0927 | Adobe Reader and Adobe Acrobat Stack-Based Buffer Overflow Vulnerability |
| CVE-2005-2773 | HP OpenView Network Node Manager Remote Code Execution Vulnerability |
影響を受ける主な製品やサービスは次のとおり。
- Adobe Acrobat
- Adobe Reader
- BI Publisher (Formerly XML Publisher)
- ColdFusion
- Core
- DCS-930L Devices
- DGN2200 Devices
- DIR-610 Devices
- DSL-2760U
- Elasticsearch
- Exim
- FastCGI Process Manager (FPM)
- Firebox and XTM Appliances
- Flash Player
- Graphics Device Interface (GDI)
- HTTP File Server (HFS)
- Helpdesk
- IOS XE
- IOS XR
- Internet Explorer Scripting Engine
- Junos OS
- KACE System Management Appliance
- Kerberos Key Distribution Center (KDC)
- Kylin
- Matrix Project Plugin
- MiCollab, MiVoice Business Express
- Multiple Archer Devices
- Multiple Devices
- Multiple Network-Attached Storage (NAS) Devices
- Multiple Routers
- N1A1 NAS
- NetScaler SD-WAN Enterprise, CloudBridge Virtual WAN, XenMobile Server
- OpenSMTPD
- OpenView Network Node Manager
- PAN-OS
- PHP
- Prime Data Center Network Manager (DCNM)
- ProCurve Manager (PCM), PCM+, Identity Driven Manager (IDM), Application Lifecycle Management
- Ruby on Rails
- SD-WAN Edge
- SD-WAN and NetScaler
- SG UTM
- Secure Access Control System (ACS)
- ShareFile
- Spring Cloud Configuration (Config) Server
- Spring Data Commons
- Struts
- Tomcat
- Unified Data Protection (UDP)
- VPN Routers
- WNR2000v5 Router
- Webmin
- (Windows版)
- Windows Object Linking and Embedding (OLE)
- Wireless Access Point (WAP) Devices
- XP
- Xperience
- phpMyAdmin
カタログに追加された脆弱性は悪用が既に確認されている点に注意が必要。該当する製品を使っている場合は提供されているCVE情報やベンダーの提供する情報を確認するとともに、迅速にアップデートを適用することが望まれる。
また今回カタログに追加された脆弱性は、最も古いもので2005年に発行されたものが含まれている。カタログにはアクティブに悪用されている脆弱性が追加される仕組みになっており、脆弱性自体は古いものが含まれることも多い。長期にわたって使っている製品が脆弱性を抱えたままになっていることもあるため、カタログに追加された製品に関しては再度情報を確認するとともに、必要に応じてアップデートを適用することが望まれる。
