The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) announced on March 25 (U.S. time), in "CISA Adds 66 Known Exploited Vulnerabilities to Catalog | CISA", that it had added 66 vulnerabilities to its Known Exploited Vulnerabilities Catalog. These vulnerabilities have been confirmed as being exploited by cybercriminals, and the list should be reviewed promptly.

The vulnerabilities added to the catalog are as follows.

CVE ID Description
CVE-2022-26318 WatchGuard Firebox and XTM Appliances Arbitrary Code Execution
CVE-2022-26143 MiCollab, MiVoice Business Express Access Control Vulnerability
CVE-2022-21999 Microsoft Windows Print Spooler Privilege Escalation Vulnerability
CVE-2021-42237 Sitecore XP Remote Command Execution Vulnerability
CVE-2021-22941 Citrix ShareFile Improper Access Control Vulnerability
CVE-2020-9377 D-Link DIR-610 Devices Remote Command Execution
CVE-2020-9054 Zyxel Multiple NAS Devices OS Command Injection Vulnerability
CVE-2020-7247 OpenSMTPD Remote Code Execution Vulnerability
CVE-2020-5410 VMware Tanzu Spring Cloud Config Directory Traversal Vulnerability
CVE-2020-25223 Sophos SG UTM Remote Code Execution Vulnerability
CVE-2020-2506 QNAP Helpdesk Improper Access Control Vulnerability
CVE-2020-2021 Palo Alto PAN-OS Authentication Bypass Vulnerability
CVE-2020-1956 Apache Kylin OS Command Injection Vulnerability
CVE-2020-1631 Juniper Junos OS Path Traversal Vulnerability
CVE-2019-6340 Drupal Core Remote Code Execution Vulnerability
CVE-2019-2616 Oracle BI Publisher Unauthorized Access Vulnerability
CVE-2019-16920 D-Link Multiple Routers Command Injection Vulnerability
CVE-2019-15107 Webmin Command Injection Vulnerability
CVE-2019-12991 Citrix SD-WAN and NetScaler Command Injection Vulnerability
CVE-2019-12989 Citrix SD-WAN and NetScaler SQL Injection Vulnerability
CVE-2019-11043 PHP FastCGI Process Manager (FPM) Buffer Overflow Vulnerability
CVE-2019-10068 Kentico Xperience Deserialization of Untrusted Data Vulnerability
CVE-2019-1003030 Jenkins Matrix Project Plugin Remote Code Execution Vulnerability
CVE-2019-0903 Microsoft GDI Remote Code Execution Vulnerability
CVE-2018-8414 Microsoft Windows Shell Remote Code Execution Vulnerability
CVE-2018-8373 Microsoft Scripting Engine Memory Corruption Vulnerability
CVE-2018-6961 VMware SD-WAN Edge by VeloCloud Command Injection Vulnerability
CVE-2018-14839 LG N1A1 NAS Remote Command Execution Vulnerability
CVE-2018-1273 VMware Tanzu Spring Data Commons Property Binder Vulnerability
CVE-2018-11138 Quest KACE System Management Appliance Remote Command Execution Vulnerability
CVE-2018-0147 Cisco Secure Access Control System Java Deserialization Vulnerability
CVE-2018-0125 Cisco VPN Routers Remote Code Execution Vulnerability
CVE-2017-6334 NETGEAR DGN2200 Devices OS Command Injection Vulnerability
CVE-2017-6316 Citrix Multiple Products Remote Code Execution Vulnerability
CVE-2017-3881 Cisco IOS and IOS XE Remote Code Execution Vulnerability
CVE-2017-12617 Apache Tomcat Remote Code Execution Vulnerability
CVE-2017-12615 Apache Tomcat on Windows Remote Code Execution Vulnerability
CVE-2017-0146 Microsoft Windows SMB Remote Code Execution Vulnerability
CVE-2016-7892 Adobe Flash Player Use-After-Free Vulnerability
CVE-2016-4171 Adobe Flash Player Remote Code Execution Vulnerability
CVE-2016-1555 NETGEAR Multiple WAP Devices Command Injection Vulnerability
CVE-2016-11021 D-Link DCS-930L Devices OS Command Injection Vulnerability
CVE-2016-10174 NETGEAR WNR2000v5 Router Buffer Overflow Vulnerability
CVE-2016-0752 Ruby on Rails Directory Traversal Vulnerability
CVE-2015-4068 Arcserve Unified Data Protection (UDP) Directory Traversal Vulnerability
CVE-2015-3035 TP-Link Multiple Archer Devices Directory Traversal Vulnerability
CVE-2015-1427 Elasticsearch Groovy Scripting Engine Remote Code Execution Vulnerability
CVE-2015-1187 D-Link and TRENDnet Multiple Devices Remote Code Execution Vulnerability
CVE-2015-0666 Cisco Prime Data Center Network Manager (DCNM) Directory Traversal Vulnerability
CVE-2014-6332 Microsoft Windows OLE Automation Array Remote Code Execution Vulnerability
CVE-2014-6324 Microsoft Kerberos Key Distribution Center (KDC) Privilege Escalation Vulnerability
CVE-2014-6287 Rejetto HTTP File Server (HFS) Remote Code Execution Vulnerability
CVE-2014-3120 Elasticsearch Remote Code Execution Vulnerability
CVE-2014-0130 Ruby on Rails Directory Traversal Vulnerability
CVE-2013-5223 D-Link DSL-2760U Gateway Cross-Site Scripting Vulnerability
CVE-2013-4810 HP Multiple Products Remote Code Execution Vulnerability
CVE-2013-2251 Apache Struts Improper Input Validation Vulnerability
CVE-2012-1823 PHP-CGI Query String Parameter Vulnerability
CVE-2010-4345 Exim Privilege Escalation Vulnerability
CVE-2010-4344 Exim Heap-Based Buffer Overflow Vulnerability
CVE-2010-3035 Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability
CVE-2010-2861 Adobe ColdFusion Directory Traversal Vulnerability
CVE-2009-2055 Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability
CVE-2009-1151 phpMyAdmin Remote Code Execution Vulnerability
CVE-2009-0927 Adobe Reader and Adobe Acrobat Stack-Based Buffer Overflow Vulnerability
CVE-2005-2773 HP OpenView Network Node Manager Remote Code Execution Vulnerability

The main affected products and services are as follows.

  • Adobe Acrobat
  • Adobe Reader
  • BI Publisher (Formerly XML Publisher)
  • ColdFusion
  • Core
  • DCS-930L Devices
  • DGN2200 Devices
  • DIR-610 Devices
  • DSL-2760U
  • Elasticsearch
  • Exim
  • FastCGI Process Manager (FPM)
  • Firebox and XTM Appliances
  • Flash Player
  • Graphics Device Interface (GDI)
  • HTTP File Server (HFS)
  • Helpdesk
  • IOS XE
  • IOS XR
  • Internet Explorer Scripting Engine
  • Junos OS
  • KACE System Management Appliance
  • Kerberos Key Distribution Center (KDC)
  • Kylin
  • Matrix Project Plugin
  • MiCollab, MiVoice Business Express
  • Multiple Archer Devices
  • Multiple Devices
  • Multiple Network-Attached Storage (NAS) Devices
  • Multiple Routers
  • N1A1 NAS
  • NetScaler SD-WAN Enterprise, CloudBridge Virtual WAN, XenMobile Server
  • OpenSMTPD
  • OpenView Network Node Manager
  • PAN-OS
  • PHP
  • Prime Data Center Network Manager (DCNM)
  • ProCurve Manager (PCM), PCM+, Identity Driven Manager (IDM), Application Lifecycle Management
  • Ruby on Rails
  • SD-WAN Edge
  • SD-WAN and NetScaler
  • SG UTM
  • Secure Access Control System (ACS)
  • ShareFile
  • Spring Cloud Configuration (Config) Server
  • Spring Data Commons
  • Struts
  • Tomcat
  • Unified Data Protection (UDP)
  • VPN Routers
  • WNR2000v5 Router
  • Webmin
  • (Windows version)
  • Windows Object Linking and Embedding (OLE)
  • Wireless Access Point (WAP) Devices
  • XP
  • Xperience
  • phpMyAdmin

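Note that the vulnerabilities added to the catalog have already been confirmed as exploited. If you use any of the affected products, check the published CVE information and the vendor's advisories, and apply updates promptly.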

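The vulnerabilities added this time also include ones issued as far back as 2005. The catalog is set up so that vulnerabilities are added when they are being actively exploited, so it often includes vulnerabilities that are themselves old. Products that have been in use for a long time may still carry unpatched vulnerabilities, so for products added to the catalog, check the information again and apply updates as needed.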
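The point about old entries can be checked against scanner output. The following is an added example, not code from CISA or the original article: it parses rows in the "CVE-ID title" layout used in the list above, matches them against scanner findings, and marks the catalog hits that an age-based cut-off would have discarded. The host names, the findings list, the placeholder ID and the five-year cut-off are constructed assumptions.

```python
import re

# A few rows copied from the list above, in the page's "CVE-ID title" layout.
KEV_ROWS = """\
CVE-2022-21999 Microsoft Windows Print Spooler Privilege Escalation Vulnerability
CVE-2019-1003030 Jenkins Matrix Project Plugin Remote Code Execution Vulnerability
CVE-2017-12617 Apache Tomcat Remote Code Execution Vulnerability
CVE-2010-4344 Exim Heap-Based Buffer Overflow Vulnerability
CVE-2005-2773 HP OpenView Network Node Manager Remote Code Execution Vulnerability
"""

# Constructed scanner findings: (host, CVE ID). Host names are hypothetical.
# CVE-0000-00000 is a placeholder for a finding that is not in the catalog.
FINDINGS = [
    ("mail01", "CVE-2010-4344"),
    ("nms-legacy", "cve-2005-2773"),   # scanners do not always upper-case IDs
    ("ci01", "CVE-2019-1003030"),
    ("web02", "CVE-0000-00000"),
]

ROW_RE = re.compile(r"^(CVE-(\d{4})-\d{4,})\s+(.+)$", re.IGNORECASE)

def parse_rows(text):
    """Map CVE ID -> (year from the ID, title); skip lines that are not rows."""
    catalog = {}
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            catalog[m.group(1).upper()] = (int(m.group(2)), m.group(3))
    return catalog

def triage(findings, catalog, as_of_year, max_age_years):
    """Return catalog-listed findings, oldest first, marking those that an
    age-based cut-off (CVE older than max_age_years) would have discarded."""
    hits = []
    for host, cve in findings:
        cve = cve.upper()
        if cve in catalog:
            year, title = catalog[cve]
            dropped = as_of_year - year > max_age_years
            hits.append((year, host, cve, title, dropped))
    return sorted(hits)

if __name__ == "__main__":
    for year, host, cve, title, dropped in triage(FINDINGS, parse_rows(KEV_ROWS), 2022, 5):
        flag = "MISSED by age cut-off" if dropped else "within cut-off"
        print(f"{host:12} {cve:18} {flag:22} {title}")
```
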