
 

Known Exploited Vulnerabilities Catalog (KEV) Weekly Report, 9/29 to 10/5

Description


Between 9/29 and 10/5, CISA published 10 vulnerabilities already exploited by hackers in the Known Exploited Vulnerabilities Catalog (KEV).

 

Affected Platforms


Adminer|Adminer
Cisco|IOS and IOS XE
Fortra|GoAnywhere MFT
GNU|GNU Bash
Jenkins|Jenkins
Juniper|ScreenOS
Libraesva|Email Security Gateway
Samsung|Mobile Devices
Smartbedded|Meteobridge
Sudo|Sudo

 

Recommended Actions

 
For patch information, refer to the following official links:

Adminer|Adminer
https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6

Cisco|IOS and IOS XE
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-x4LPhte

Fortra|GoAnywhere MFT
https://www.fortra.com/security/advisories/product-security/fi-2025-012

GNU|GNU Bash
http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-027
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23467
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
https://www.ibm.com/support/pages/security-bulletin-update-vulnerabilities-bash-affect-aix-toolbox-linux-applications-cve-2014-6271-cve-2014-6277-cve-2014-6278-cve-2014-7169-cve-2014-7186-and-cve-2014-7187

Jenkins|Jenkins
https://www.jenkins.io/security/advisory/2017-04-26/

Juniper|ScreenOS
https://supportportal.juniper.net/s/article/2015-12-Out-of-Cycle-Security-Bulletin-ScreenOS-Multiple-Security-issues-with-ScreenOS-CVE-2015-7755-CVE-2015-7756

Libraesva|Email Security Gateway
https://docs.libraesva.com/knowledgebase/security-advisory-command-injection-vulnerability-cve-2025-59689/

Samsung|Mobile Devices
https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=09
 
Smartbedded|Meteobridge
https://forum.meteohub.de/viewtopic.php?t=18687

Sudo|Sudo
https://www.sudo.ws/security/advisories/chroot_bug/

 

CVE IDs


CVE-2014-6278
CVE-2015-7755
CVE-2017-1000353
CVE-2021-21311
CVE-2025-4008
CVE-2025-10035
CVE-2025-20352
CVE-2025-21043
CVE-2025-32463
CVE-2025-59689
 
 

References


1. https://www.cisa.gov/known-exploited-vulnerabilities-catalog
2. https://nvd.nist.gov/vuln/detail/CVE-2014-6278
3. https://nvd.nist.gov/vuln/detail/CVE-2015-7755
4. https://nvd.nist.gov/vuln/detail/CVE-2017-1000353
5. https://nvd.nist.gov/vuln/detail/CVE-2021-21311
6. https://nvd.nist.gov/vuln/detail/CVE-2025-4008
7. https://nvd.nist.gov/vuln/detail/CVE-2025-10035
8. https://nvd.nist.gov/vuln/detail/CVE-2025-20352
9. https://nvd.nist.gov/vuln/detail/CVE-2025-21043
10. https://nvd.nist.gov/vuln/detail/CVE-2025-32463
11. https://nvd.nist.gov/vuln/detail/CVE-2025-59689

Source: https://www.nics.nat.gov.tw/core_business/information_security_information_sharing/Vulnerability_Alerts/5b1c0546-06ef-4a79-a169-07a763db9e97/
Publication date: 08/10/2025
