米国土安全保障省サイバーセキュリティ・インフラストラクチャセキュリティ庁(CISA: Cybersecurity and Infrastructure Security Agency)は9月8日(米国時間)、「CISA Adds Twelve Known Exploited Vulnerabilities to Catalog |CISA」において、「Known Exploited Vulnerabilities Catalog」に12個の脆弱性を追加したと伝えた。これら脆弱性はサイバー犯罪者によって積極的に悪用されていることが確認されており注意が必要。
-
CISA Adds Twelve Known Exploited Vulnerabilities to Catalog |CISA
影響を受ける主な製品やサービスは次のとおり。
- CVE-2022-3075 Google - Chromium
- CVE-2022-28958 D-Link - DIR-816L
- CVE-2022-27593 QNAP - Photo Station
- CVE-2022-26258 D-Link - DIR-820L
- CVE-2020-9934 Apple - iOS, iPadOS, and macOS
- CVE-2018-7445 MikroTik - RouterOS
- CVE-2018-6530 D-Link - Multiple Routers
- CVE-2018-2628 Oracle - WebLogic Server
- CVE-2018-13374 Fortinet - FortiOS and FortiADC
- CVE-2017-5521 NETGEAR - Multiple Devices
- CVE-2011-4723 D-Link - DIR-300 Router
- CVE-2011-1823 Android - Android OS
脆弱性の主な内容は次のとおり。
| CVE番号 | 脆弱性内容 |
|---|---|
| CVE-2022-3075 | Google Chromium Mojo contains an insufficient data validation vulnerability. Impacts from exploitation are not yet known. This vulnerability affects web browsers that utilize Chromium, including Google Chrome and Microsoft Edge. |
| CVE-2022-28958 | D-Link DIR-816L contains an unspecified vulnerability in the shareport.php value parameter which allows for remote code execution. |
| CVE-2022-27593 | Certain QNAP NAS running Photo Station with internet exposure contain an externally controlled reference to a resource vulnerability which can allow an attacker to modify system files. This vulnerability was observed being utilized in a Deadbolt ransomware campaign. |
| CVE-2022-26258 | D-Link DIR-820L contains an unspecified vulnerability in Device Name parameter in /lan.asp which allows for remote code execution. |
| CVE-2020-9934 | Apple iOS, iPadOS, and macOS contain an unspecified vulnerability involving input validation which can allow a local attacker to view sensitive user information. |
| CVE-2018-7445 | In MikroTik RouterOS, a stack-based buffer overflow occurs when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. |
| CVE-2018-6530 | Multiple D-Link routers contain an unspecified vulnerability which allows for execution of OS commands. |
| CVE-2018-2628 | Oracle WebLogic Server contains an unspecified vulnerability which can allow an unauthenticated attacker with T3 network access to compromise the server. |
| CVE-2018-13374 | Fortinet FortiOS and FortiADC contain an improper access control vulnerability which allows attackers to obtain the LDAP server login credentials configured in FortiGate by pointing a LDAP server connectivity test request to a rogue LDAP server. |
| CVE-2017-5521 | Multiple NETGEAR devices are prone to admin password disclosure via simple crafted requests to the web management server. |
| CVE-2011-4723 | The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information. |
| CVE-2011-1823 | The vold volume manager daemon in Android kernel trusts messages from a PF_NETLINK socket, which allows an attacker to execute code and gain root privileges. This vulnerability is associated with GingerBreak and Exploit.AndroidOS.Lotoor. |
今回カタログに追加された脆弱性は、最も古いもので2011年に発行されたAndroidおよびD-Linkの脆弱性が含まれている。カタログには、アクティブに悪用されている脆弱性が追加される仕組みになっており、脆弱性自体は古いものが含まれることも多い。長期にわたって使っている製品がこうした脆弱性を抱えたままになっていることもあるため、カタログに追加された製品に関しては再度情報を確認するとともに、必要に応じてアップデートを適用することが望まれる。
