- 5/27至6/2 Known Exploited Vulnerabilities Catalog(KEV)週報

內容說明:

CISA於5/27至6/2在Known Exploited Vulnerabilities Catalog(KEV)中發布4個已遭駭客利用之漏洞。


影響平台:

受影響廠商與產品名稱如下:
Linux|Kernel
Check Point|Quantum Security Gateways
Justice AV Solutions|Viewer
Google|Chromium V8

處置建議:

修補說明請參考以下官方連結:
Linux|Kernel
此漏洞影響產品為開源套件或第三方函式庫或不同產品使用之協定,實際修補方式請參考各家廠商的說明,需要更多資訊可參考以下網址:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660
Check Point|Quantum Security Gateways
https://support.checkpoint.com/results/sk/sk182336
Justice AV Solutions|Viewer
請參考Vendor Statement一節:
https://www.rapid7.com/blog/post/2024/05/23/cve-2024-4978-backdoored-justice-av-solutions-viewer-software-used-in-apparent-supply-chain-attack#remediation%20and%20https://www.javs.com/downloads
Google|Chromium V8
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_23.html?m=1

CVE編號:

CVE-2024-1086
CVE-2024-4978
CVE-2024-5274
CVE-2024-24919

參考資料:

https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://nvd.nist.gov/vuln/detail/CVE-2024-1086
https://nvd.nist.gov/vuln/detail/CVE-2024-4978
https://nvd.nist.gov/vuln/detail/CVE-2024-5274
https://nvd.nist.gov/vuln/detail/CVE-2024-24919
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660
https://support.checkpoint.com/results/sk/sk182336
https://www.rapid7.com/blog/post/2024/05/23/cve-2024-4978-backdoored-justice-av-solutions-viewer-software-used-in-apparent-supply-chain-attack#remediation%20and%20https://www.javs.com/downloads
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_23.html?m=1

新聞來源:https://www.nics.nat.gov.tw/core_business/information_security_information_sharing/Vulnerability_Alerts/1558/
發布日期:05/06/2024