思科產品多個漏洞

發佈日期: 2022年09月29日

風險: 中度風險

類型: 保安軟件及應用設備 - 保安軟件及應用設備

在思科產品發現多個漏洞，遠端攻擊者可利用這些漏洞在目標系統觸發繞過保安限制、阻斷服務狀況、資料洩露、遠端執行程式碼、篡改及權限提升。

---

影響

• 繞過保安限制
• 阻斷服務
• 權限提升
• 遠端執行程式碼
• 資料洩露
• 篡改

---

受影響之系統或技術

詳情請參閱以下連結﹕

 

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-cip-dos-9rTbKLt9
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-mpls-dos-Ab4OUL3
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c9800-mob-dos-342YAc6J
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-alg-dos-KU9Z8kFX
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-dhcp-dos-76pCjPxK
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-udp-dos-XDyEwhNz
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssh-excpt-dos-FzOBQTnk
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewc-priv-esc-nderYLtK
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-priv-E6e8tEdF
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-assoc-dos-EgVqtON8
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-6vpe-dos-tJBtf5Zv
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-dos-mKGRrsCB
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-cat-verify-D4NEQA6q
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-cli-xkGwmqKu
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cwlc-snmpidv-rnyyQzUZ
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-macOS-bypass-uKZNpXE6
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-cmdinj-Gje47EMn
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-arb-file-delete-VB2rVcQv
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-info-disc-nrORXjO
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-avc-NddSGB8
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdavc-ZA5fpXX2

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

 

安裝供應商提供的修補程式：

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-cip-dos-9rTbKLt9
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-mpls-dos-Ab4OUL3
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c9800-mob-dos-342YAc6J
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-alg-dos-KU9Z8kFX
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-dhcp-dos-76pCjPxK
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-udp-dos-XDyEwhNz
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssh-excpt-dos-FzOBQTnk
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewc-priv-esc-nderYLtK
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-priv-E6e8tEdF
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-assoc-dos-EgVqtON8
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-6vpe-dos-tJBtf5Zv
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-dos-mKGRrsCB
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-cat-verify-D4NEQA6q
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-cli-xkGwmqKu
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cwlc-snmpidv-rnyyQzUZ
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-macOS-bypass-uKZNpXE6
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-cmdinj-Gje47EMn
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-arb-file-delete-VB2rVcQv
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-info-disc-nrORXjO
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-avc-NddSGB8
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdavc-ZA5fpXX2

---

漏洞識別碼

• CVE-2022-20662
• CVE-2022-20769
• CVE-2022-20775
• CVE-2022-20810
• CVE-2022-20818
• CVE-2022-20830
• CVE-2022-20837
• CVE-2022-20844
• CVE-2022-20847
• CVE-2022-20848
• CVE-2022-20850
• CVE-2022-20851
• CVE-2022-20855
• CVE-2022-20856
• CVE-2022-20864
• CVE-2022-20870
• CVE-2022-20915
• CVE-2022-20919
• CVE-2022-20920
• CVE-2022-20930
• CVE-2022-20944
• CVE-2022-20945

---

資料來源

• Cisco

---

相關連結

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-cip-dos-9rTbKLt9
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-mpls-dos-Ab4OUL3
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c9800-mob-dos-342YAc6J
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-alg-dos-KU9Z8kFX
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-dhcp-dos-76pCjPxK
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-udp-dos-XDyEwhNz
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssh-excpt-dos-FzOBQTnk
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewc-priv-esc-nderYLtK
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-priv-E6e8tEdF
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-assoc-dos-EgVqtON8
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-6vpe-dos-tJBtf5Zv
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-dos-mKGRrsCB
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-cat-verify-D4NEQA6q
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-cli-xkGwmqKu
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cwlc-snmpidv-rnyyQzUZ
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-macOS-bypass-uKZNpXE6
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-cmdinj-Gje47EMn
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-arb-file-delete-VB2rVcQv
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-info-disc-nrORXjO
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-avc-NddSGB8
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdavc-ZA5fpXX2

Cisco Products Multiple Vulnerabilities

Release Date: 29 Sep 2022

RISK: Medium Risk

TYPE: Security software and application - Security Software & Appliance

Multiple vulnerabilities were identified in Cisco Products. A remote attacker could exploit some of these vulnerabilities to security restriction bypass, denial of service condition, information disclosure, remote code execution, data manipulation and elevation of privilege the targeted system.

---

Impact

• Security Restriction Bypass
• Denial of Service
• Elevation of Privilege
• Remote Code Execution
• Information Disclosure
• Data Manipulation

---

System / Technologies affected

Please refer to the link below for detail:

 

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-cip-dos-9rTbKLt9
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-mpls-dos-Ab4OUL3
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c9800-mob-dos-342YAc6J
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-alg-dos-KU9Z8kFX
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-dhcp-dos-76pCjPxK
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-udp-dos-XDyEwhNz
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssh-excpt-dos-FzOBQTnk
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewc-priv-esc-nderYLtK
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-priv-E6e8tEdF
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-assoc-dos-EgVqtON8
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-6vpe-dos-tJBtf5Zv
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-dos-mKGRrsCB
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-cat-verify-D4NEQA6q
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-cli-xkGwmqKu
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cwlc-snmpidv-rnyyQzUZ
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-macOS-bypass-uKZNpXE6
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-cmdinj-Gje47EMn
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-arb-file-delete-VB2rVcQv
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-info-disc-nrORXjO
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-avc-NddSGB8
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdavc-ZA5fpXX2

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-cip-dos-9rTbKLt9
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-mpls-dos-Ab4OUL3
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c9800-mob-dos-342YAc6J
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-alg-dos-KU9Z8kFX
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-dhcp-dos-76pCjPxK
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-udp-dos-XDyEwhNz
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssh-excpt-dos-FzOBQTnk
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewc-priv-esc-nderYLtK
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-priv-E6e8tEdF
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-assoc-dos-EgVqtON8
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-6vpe-dos-tJBtf5Zv
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-dos-mKGRrsCB
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-cat-verify-D4NEQA6q
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-cli-xkGwmqKu
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cwlc-snmpidv-rnyyQzUZ
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-macOS-bypass-uKZNpXE6
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-cmdinj-Gje47EMn
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-arb-file-delete-VB2rVcQv
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-info-disc-nrORXjO
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-avc-NddSGB8
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdavc-ZA5fpXX2

---

Vulnerability Identifier

• CVE-2022-20662
• CVE-2022-20769
• CVE-2022-20775
• CVE-2022-20810
• CVE-2022-20818
• CVE-2022-20830
• CVE-2022-20837
• CVE-2022-20844
• CVE-2022-20847
• CVE-2022-20848
• CVE-2022-20850
• CVE-2022-20851
• CVE-2022-20855
• CVE-2022-20856
• CVE-2022-20864
• CVE-2022-20870
• CVE-2022-20915
• CVE-2022-20919
• CVE-2022-20920
• CVE-2022-20930
• CVE-2022-20944
• CVE-2022-20945

---

Source

• Cisco

---

Related Link

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-cip-dos-9rTbKLt9
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-mpls-dos-Ab4OUL3
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c9800-mob-dos-342YAc6J
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-alg-dos-KU9Z8kFX
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-dhcp-dos-76pCjPxK
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-udp-dos-XDyEwhNz
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssh-excpt-dos-FzOBQTnk
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewc-priv-esc-nderYLtK
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-priv-E6e8tEdF
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-assoc-dos-EgVqtON8
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-6vpe-dos-tJBtf5Zv
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-dos-mKGRrsCB
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-cat-verify-D4NEQA6q
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-cli-xkGwmqKu
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cwlc-snmpidv-rnyyQzUZ
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-macOS-bypass-uKZNpXE6
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-cmdinj-Gje47EMn
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-arb-file-delete-VB2rVcQv
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-info-disc-nrORXjO
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-avc-NddSGB8
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdavc-ZA5fpXX2

WhatsApp 多個漏洞

發佈日期: 2022年09月29日

風險: 中度風險

類型: 用戶端 - IM、聊天及VoIP

於 WhatsApp 發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發遠端執行任意程式碼。

---

影響

• 遠端執行程式碼

---

受影響之系統或技術

• WhatsApp 2.22.16.12 之前的版本
• WhatsApp for Business 2.22.16.12 之前的版本

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

安裝軟件供應商提供的修補程式：

• 更新至 2.22.16.12 或之後版本

---

漏洞識別碼

• CVE-2022-27492
• CVE-2022-36934

---

資料來源

• WhatsApp

---

相關連結

• https://www.whatsapp.com/security/advisories/2022

 

WhatsApp Multiple Vulnerabilities

Release Date: 29 Sep 2022

RISK: Medium Risk

TYPE: Clients - Im, Chat & Voip

Multiple vulnerabilities were identified in WhatsApp. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution on the targeted system.

---

Impact

• Remote Code Execution

---

System / Technologies affected

• WhatsApp prior to 2.22.16.12
• WhatsApp for Business prior to 2.22.16.12

---

Solutions

Before installation of the software, please visit the software vendor web-site for more details.

Apply fixes issued by the vendor:

• Update to version 2.22.16.12 or later

---

Vulnerability Identifier

• CVE-2022-27492
• CVE-2022-36934

---

Source

• WhatsApp

---

Related Link

• https://www.whatsapp.com/security/advisories/2022

思科產品多個漏洞

發佈日期: 2022年09月28日

風險: 中度風險

類型: 保安軟件及應用設備 - 保安軟件及應用設備

在思科產品發現多個漏洞，遠端攻擊者可利用這些漏洞在目標系統觸發繞過保安限制。

---

影響

• 繞過保安限制

---

受影響之系統或技術

詳情請參閱以下連結﹕

 

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apvlan-TDTtb4FY
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-VU855201-J3z8CKTX

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

 

安裝供應商提供的修補程式：

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apvlan-TDTtb4FY
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-VU855201-J3z8CKTX

---

漏洞識別碼

• CVE-2021-27853
• CVE-2021-27854
• CVE-2021-27861
• CVE-2021-27862
• CVE-2022-20728

---

資料來源

• Cisco

---

相關連結

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apvlan-TDTtb4FY
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-VU855201-J3z8CKTX

Cisco Products Multiple Vulnerabilities

Release Date: 28 Sep 2022

RISK: Medium Risk

TYPE: Security software and application - Security Software & Appliance

Multiple vulnerabilities were identified in Cisco Products. A remote attacker could exploit some of these vulnerabilities to security restriction bypass on the targeted system.

---

Impact

• Security Restriction Bypass

---

System / Technologies affected

Please refer to the link below for detail:

 

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apvlan-TDTtb4FY
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-VU855201-J3z8CKTX

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apvlan-TDTtb4FY
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-VU855201-J3z8CKTX

---

Vulnerability Identifier

• CVE-2021-27853
• CVE-2021-27854
• CVE-2021-27861
• CVE-2021-27862
• CVE-2022-20728

---

Source

• Cisco

---

Related Link

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apvlan-TDTtb4FY
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-VU855201-J3z8CKTX

Google Chrome 多個漏洞

發佈日期: 2022年09月28日

風險: 中度風險

類型: 用戶端 - 瀏覽器

於 Google Chrome 發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發遠端執行任意程式碼及繞過保安限制。

---

影響

• 遠端執行程式碼
• 繞過保安限制

---

受影響之系統或技術

• Google Chrome 106.0.5249.61 之前的版本

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

安裝軟件供應商提供的修補程式：

• 更新至 106.0.5249.61 或之後版本

---

漏洞識別碼

• CVE-2022-3201
• CVE-2022-3304
• CVE-2022-3305
• CVE-2022-3306
• CVE-2022-3307
• CVE-2022-3308
• CVE-2022-3309
• CVE-2022-3310
• CVE-2022-3311
• CVE-2022-3312
• CVE-2022-3313
• CVE-2022-3314
• CVE-2022-3315
• CVE-2022-3316
• CVE-2022-3317
• CVE-2022-3318

---

資料來源

• Google Chrome

---

相關連結

• https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html

Google Chrome Multiple Vulnerabilities

Release Date: 28 Sep 2022

RISK: Medium Risk

TYPE: Clients - Browsers

Multiple vulnerabilities were identified in Google Chrome. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution and security restriction bypass on the targeted system.

---

Impact

• Remote Code Execution
• Security Restriction Bypass

---

System / Technologies affected

• Google Chrome prior to 106.0.5249.61

---

Solutions

Before installation of the software, please visit the software vendor web-site for more details.

Apply fixes issued by the vendor:

• Update to version 106.0.5249.61 or later

---

Vulnerability Identifier

• CVE-2022-3201
• CVE-2022-3304
• CVE-2022-3305
• CVE-2022-3306
• CVE-2022-3307
• CVE-2022-3308
• CVE-2022-3309
• CVE-2022-3310
• CVE-2022-3311
• CVE-2022-3312
• CVE-2022-3313
• CVE-2022-3314
• CVE-2022-3315
• CVE-2022-3316
• CVE-2022-3317
• CVE-2022-3318

---

Source

• Google Chrome

---

Related Link

• https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html

Sophos 防火牆遠端執行程式碼漏洞

最後更新 2022年09月27日 發佈日期: 2022年09月26日

風險: 極高度風險

類型: 保安軟件及應用設備 - 保安軟件及應用設備

在 Sophos  防火牆發現一個漏洞。遠端使用者可利用此漏洞，於目標系統觸發遠端執行任意程式碼。

 

注意： Sophos 指出在 Sophos 防火牆韌體中的漏洞 CVE-2022-3236 被用於針對小部分機構。

---

影響

• 遠端執行程式碼

---

受影響之系統或技術

• Sophos Firewall v19.0 MR1 (19.0.1) 及之前的版本

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

 

安裝供應商提供的修補程式：

https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce

 

注意：已啟用了“允許自動安裝修補程序”功能的 Sophos Firewall 客戶無需執行任何操作。預設設置是已啟用。

---

漏洞識別碼

• CVE-2022-3236

---

資料來源

• Sophos

---

相關連結

• https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce

Sophos Firewall Remote Code Execution Vulnerability

Last Update Date: 27 Sep 2022 Release Date: 26 Sep 2022

RISK: Extremely High Risk

TYPE: Security software and application - Security Software & Appliance

A vulnerability has been identified in Sophos Firewall. A remote user can exploit this vulnerability to trigger remote code execution on the targeted system.

 

Note: Sophos stated that the vulnerability CVE-2022-3236 within the Sophos Firewall firmware was used to target a small subset of organisations.

---

Impact

• Remote Code Execution

---

System / Technologies affected

• Sophos Firewall version prior to v19.0 MR1 (19.0.1)

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce

 

Note: There is no action required for Sophos Firewall customers with the "Allow automatic installation of hotfixes" feature enabled. Enabled is the default setting.

---

Vulnerability Identifier

• CVE-2022-3236

---

Source

• Sophos

---

Related Link

• https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce

Sophos 防火牆遠端執行程式碼漏洞

發佈日期: 2022年09月26日

風險: 極高度風險

類型: 保安軟件及應用設備 - 保安軟件及應用設備

在 Sophos  防火牆發現一個漏洞。遠端使用者可利用此漏洞，於目標系統觸發遠端執行任意程式碼。

 

注意： CVE-2022-3236 漏洞正被廣泛利用。

---

影響

• 遠端執行程式碼

---

受影響之系統或技術

• Sophos Firewall v19.0 MR1 (19.0.1) 及之前的版本

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

 

安裝供應商提供的修補程式：

https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce

 

注意：已啟用了“允許自動安裝修補程序”功能的 Sophos Firewall 客戶無需執行任何操作。預設設置是已啟用。

---

漏洞識別碼

• CVE-2022-3236

---

資料來源

• Sophos

---

相關連結

• https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce

Sophos Firewall Remote Code Execution Vulnerability

Release Date: 26 Sep 2022

RISK: Extremely High Risk

TYPE: Security software and application - Security Software & Appliance

A vulnerability has been identified in Sophos Firewall. A remote user can exploit this vulnerability to trigger remote code execution on the targeted system.

 

Note: CVE-2022-3236 is being exploited in the wild.

---

Impact

• Remote Code Execution

---

System / Technologies affected

• Sophos Firewall version prior to v19.0 MR1 (19.0.1)

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce

 

Note: There is no action required for Sophos Firewall customers with the "Allow automatic installation of hotfixes" feature enabled. Enabled is the default setting.

---

Vulnerability Identifier

• CVE-2022-3236

---

Source

• Sophos

---

Related Link

• https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce

Mozilla Firefox 多個漏洞

發佈日期: 2022年09月21日

風險: 中度風險

類型: 用戶端 - 瀏覽器

於 Mozilla Firefox 發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發阻斷服務狀況、遠端執行任意程式碼、洩露敏感資料及繞過保安限制。

---

影響

• 遠端執行程式碼
• 繞過保安限制
• 資料洩露
• 阻斷服務

---

受影響之系統或技術

以下版本之前的版本﹕

 

• Firefox 105
• Firefox ESR 102.3

---

解決方案

在安裝軟體之前，請先瀏覽供應商之官方網站，以獲得更多詳細資料。

更新至版本:

 

• Firefox 105
• Firefox ESR 102.3

---

漏洞識別碼

• CVE-2022-40956
• CVE-2022-40957
• CVE-2022-40958
• CVE-2022-40959
• CVE-2022-40960
• CVE-2022-40961
• CVE-2022-40962

---

資料來源

• Mozilla

---

相關連結

• https://www.mozilla.org/en-US/security/advisories/mfsa2022-40/
• https://www.mozilla.org/en-US/security/advisories/mfsa2022-41/

Mozilla Firefox Multiple Vulnerabilities

Release Date: 21 Sep 2022

RISK: Medium Risk

TYPE: Clients - Browsers

Multiple vulnerabilities were identified in Mozilla Firefox. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution, sensitive information disclosure and security restriction bypass on the targeted system.

---

Impact

• Remote Code Execution
• Security Restriction Bypass
• Information Disclosure
• Denial of Service

---

System / Technologies affected

Versions prior to:

 

• Firefox 105
• Firefox ESR 102.3

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

 

• Firefox 105
• Firefox ESR 102.3

---

Vulnerability Identifier

• CVE-2022-40956
• CVE-2022-40957
• CVE-2022-40958
• CVE-2022-40959
• CVE-2022-40960
• CVE-2022-40961
• CVE-2022-40962

---

Source

• Mozilla

---

Related Link

• https://www.mozilla.org/en-US/security/advisories/mfsa2022-40/
• https://www.mozilla.org/en-US/security/advisories/mfsa2022-41/

Mozilla Thunderbird 多個漏洞

最後更新 2022年09月21日 發佈日期: 2022年09月02日

風險: 中度風險

類型: 用戶端 - 電郵用戶端

於 Mozilla Thunderbird 發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發阻斷服務狀況、遠端執行任意程式碼、繞過保安限制及敏感資料洩露。

 

[更新於 2022-09-21] 

更新受影響之系統或技術，解決方案及相關連結。

---

影響

• 阻斷服務
• 遠端執行程式碼
• 繞過保安限制
• 資料洩露

---

受影響之系統或技術

• Thunderbird 102.2.1 之前版本
• Thunderbird 91.13.1 之前版本

---

解決方案

在安裝軟體之前，請先瀏覽供應商之官方網站，以獲得更多詳細資料。

• 更新至版本 102.2.1
• 更新至版本 91.13.1

---

漏洞識別碼

• CVE-2022-3032
• CVE-2022-3033
• CVE-2022-3034
• CVE-2022-36059

---

資料來源

• Mozilla
• AusCERT

---

相關連結

• https://www.mozilla.org/en-US/security/advisories/mfsa2022-38/
• https://www.mozilla.org/en-US/security/advisories/mfsa2022-39/
• https://www.auscert.org.au/bulletins/ESB-2022.4321
• https://www.auscert.org.au/bulletins/ESB-2022.4645

Mozilla Thunderbird Multiple Vulnerabilities

Last Update Date: 21 Sep 2022 Release Date: 2 Sep 2022

RISK: Medium Risk

TYPE: Clients - Email Clients

Multiple vulnerabilities were identified in Mozilla Thunderbird. A remote attacker could exploit some of these vulnerabilities to trigger denial of service, remote code execution, security restriction bypass and sensitive information disclosure on the targeted system.

 

[Updated on 2022-09-21]

Updated System / Technologies affected, Solutions and Related Links.

---

Impact

• Denial of Service
• Remote Code Execution
• Security Restriction Bypass
• Information Disclosure

---

System / Technologies affected

• Thunderbird version prior to 102.2.1
• Thunderbird version prior to 91.13.1

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

• Update to version 102.2.1
• Update to version 91.13.1

---

Vulnerability Identifier

• CVE-2022-3032
• CVE-2022-3033
• CVE-2022-3034
• CVE-2022-36059

---

Source

• Mozilla
• AusCERT

---

Related Link

• https://www.mozilla.org/en-US/security/advisories/mfsa2022-38/
• https://www.mozilla.org/en-US/security/advisories/mfsa2022-39/
• https://www.auscert.org.au/bulletins/ESB-2022.4321
• https://www.auscert.org.au/bulletins/ESB-2022.4645

Linux 內核多個漏洞

發佈日期: 2022年09月20日

風險: 中度風險

類型: 操作系統 - LINUX

於 Linux 內核發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發阻斷服務狀況、權限提升、遠端執行任意程式碼、洩露敏感資料及資料篡改。

---

影響

• 阻斷服務
• 權限提升
• 遠端執行程式碼
• 資料洩露
• 篡改

---

受影響之系統或技術

• SUSE Linux Enterprise High Performance Computing 15-SP4
• SUSE Linux Enterprise Module for Public Cloud 15-SP4
• SUSE Linux Enterprise Server 12-SP5
• SUSE Linux Enterprise Server 15-SP4
• SUSE Linux Enterprise Server for SAP Applications 15-SP4
• SUSE Manager Proxy 4.3
• SUSE Manager Retail Branch Server 4.3
• SUSE Manager Server 4.3
• openSUSE Leap 15.4
• Ubuntu 22.04 LTS

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

 

對於 SUSE

安裝供應商提供的修補程式：

• https://www.suse.com/support/update/announcement/2022/suse-su-20223282-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20223288-1

 

對於 Ubuntu

安裝供應商提供的修補程式：

• https://ubuntu.com/security/notices/USN-5616-1

---

漏洞識別碼

• CVE-2016-3695
• CVE-2020-36516
• CVE-2021-4037
• CVE-2021-4203
• CVE-2021-33061
• CVE-2021-33135
• CVE-2022-1012
• CVE-2022-1184
• CVE-2022-1729
• CVE-2022-1852
• CVE-2022-1943
• CVE-2022-1973
• CVE-2022-2503
• CVE-2022-2585
• CVE-2022-2588
• CVE-2022-2639
• CVE-2022-2663
• CVE-2022-2873
• CVE-2022-2905
• CVE-2022-2938
• CVE-2022-2959
• CVE-2022-2977
• CVE-2022-3028
• CVE-2022-3078
• CVE-2022-20368
• CVE-2022-20369
• CVE-2022-21385
• CVE-2022-26373
• CVE-2022-28356
• CVE-2022-28693
• CVE-2022-29581
• CVE-2022-32296
• CVE-2022-36879
• CVE-2022-36946
• CVE-2022-39188
• CVE-2022-39190

---

資料來源

• AusCERT
• Ubuntu
• SUSE

---

相關連結

• https://www.auscert.org.au/bulletins/ESB-2022.4631
• https://www.auscert.org.au/bulletins/ESB-2022.4626
• https://www.auscert.org.au/bulletins/ESB-2022.4623
• https://ubuntu.com/security/notices/USN-5616-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20223282-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20223288-1

Linux Kernel Multiple Vulnerabilities

Release Date: 20 Sep 2022

RISK: Medium Risk

TYPE: Operating Systems - Linux

Multiple vulnerabilities were identified in Linux Kernel. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, remote code execution, sensitive information disclosure and data manipulation on the targeted system.

---

Impact

• Denial of Service
• Elevation of Privilege
• Remote Code Execution
• Information Disclosure
• Data Manipulation

---

System / Technologies affected

• SUSE Linux Enterprise High Performance Computing 15-SP4
• SUSE Linux Enterprise Module for Public Cloud 15-SP4
• SUSE Linux Enterprise Server 12-SP5
• SUSE Linux Enterprise Server 15-SP4
• SUSE Linux Enterprise Server for SAP Applications 15-SP4
• SUSE Manager Proxy 4.3
• SUSE Manager Retail Branch Server 4.3
• SUSE Manager Server 4.3
• openSUSE Leap 15.4
• Ubuntu 22.04 LTS

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

For SUSE

Apply fixes issued by the vendor:

• https://www.suse.com/support/update/announcement/2022/suse-su-20223282-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20223288-1

 

For Ubuntu

Apply fixes issued by the vendor:

• https://ubuntu.com/security/notices/USN-5616-1

---

Vulnerability Identifier

• CVE-2016-3695
• CVE-2020-36516
• CVE-2021-4037
• CVE-2021-4203
• CVE-2021-33061
• CVE-2021-33135
• CVE-2022-1012
• CVE-2022-1184
• CVE-2022-1729
• CVE-2022-1852
• CVE-2022-1943
• CVE-2022-1973
• CVE-2022-2503
• CVE-2022-2585
• CVE-2022-2588
• CVE-2022-2639
• CVE-2022-2663
• CVE-2022-2873
• CVE-2022-2905
• CVE-2022-2938
• CVE-2022-2959
• CVE-2022-2977
• CVE-2022-3028
• CVE-2022-3078
• CVE-2022-20368
• CVE-2022-20369
• CVE-2022-21385
• CVE-2022-26373
• CVE-2022-28356
• CVE-2022-28693
• CVE-2022-29581
• CVE-2022-32296
• CVE-2022-36879
• CVE-2022-36946
• CVE-2022-39188
• CVE-2022-39190

---

Source

• AusCERT
• Ubuntu
• SUSE

---

Related Link

• https://www.auscert.org.au/bulletins/ESB-2022.4631
• https://www.auscert.org.au/bulletins/ESB-2022.4626
• https://www.auscert.org.au/bulletins/ESB-2022.4623
• https://ubuntu.com/security/notices/USN-5616-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20223282-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20223288-1