米国土安全保障省サイバーセキュリティ・インフラストラクチャセキュリティ庁(CISA: Cybersecurity and Infrastructure Security Agency)は3月28日(米国時間)、「CISA Adds 32 Known Exploited Vulnerabilities to Catalog|CISA」において、「Known Exploited Vulnerabilities Catalog」に32個の脆弱性を追加したと伝えた。これら脆弱性はサイバー犯罪者によって積極的に悪用されていることが確認されている。
カタログに追加された脆弱性は次のとおり。
CVE番号 | 脆弱性内容 |
---|---|
CVE-2022-1096 | The vulnerability exists due to a type confusion error within the V8 component in Chromium, affecting all Chromium-based browsers. |
CVE-2022-0543 | Redis is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. |
CVE-2021-38646 | Microsoft Office Access Connectivity Engine contains an unspecified vulnerability which can allow for remote code execution. |
CVE-2021-34486 | Microsoft Windows Event Tracing contains an unspecified vulnerability which can allow for privilege escalation. |
CVE-2021-26085 | Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a pre-authorization arbitrary file read vulnerability in the /s/ endpoint. |
CVE-2021-20028 | SonicWall Secure Remote Access (SRA) products contain an improper neutralization of a SQL Command leading to SQL injection. |
CVE-2019-7483 | In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server. |
CVE-2018-8440 | An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). |
CVE-2018-8406 | An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory. |
CVE-2018-8405 | An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory. |
CVE-2017-0213 | Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application. |
CVE-2017-0059 | Microsoft Internet Explorer allow remote attackers to obtain sensitive information from process memory via a crafted web site. |
CVE-2017-0037 | Microsoft Edge and Internet Explorer have a type confusion vulnerability in mshtml.dll, which allows remote code execution. |
CVE-2016-7201 | The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. |
CVE-2016-7200 | The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. |
CVE-2016-0189 | The Microsoft JScript nd VBScript engines, as used in Internet Explorer and other products, allow attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. |
CVE-2016-0151 | The Client-Server Run-time Subsystem (CSRSS) in Microsoft mismanages process tokens, which allows local users to gain privileges via a crafted application. |
CVE-2016-0040 | The kernel in Microsoft Windows allows local users to gain privileges via a crafted application. |
CVE-2015-2426 | A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. |
CVE-2015-2419 | JScript in Microsoft Internet Explorer allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. |
CVE-2015-1770 | Microsoft Office allows remote attackers to execute arbitrary code via a crafted Office document. |
CVE-2013-3660 | The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft does not properly initialize a pointer for the next object in a certain list, which allows local users to gain privileges. |
CVE-2013-2729 | Integer overflow vulnerability in Adobe Reader and Acrobat allows attackers to execute remote code. |
CVE-2013-2551 | Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute remote code via a crafted web site that triggers access to a deleted object. |
CVE-2013-2465 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D |
CVE-2013-1690 | Mozilla Firefox and Thunderbird do not properly handle onreadystatechange evens in conjunction with page reloading, which allows remote attackers to cause a denial-of-service or possibly execute arbitrary code via a crafted web site. |
CVE-2012-5076 | The default Java security properties configuration did not restrict access to the com.sun.org.glassfish.external and com.sun.org.glassfish.gmbal packages. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. |
CVE-2012-2539 | Microsoft Word allows attackers to execute remote code or cause a denial-of-service via crafted RTF data. |
CVE-2012-2034 | Adobe Flash Player contains a memory corruption vulnerability which allows for remote code execution or denial-of-service. |
CVE-2012-0518 | Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware allows remote attackers to affect integrity via unknown vectors |
CVE-2011-2005 | afd.sys in the Ancillary Function Driver in Microsoft Windows does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application. |
CVE-2010-4398 | Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows allows local users to gain privileges, and bypass the User Account Control (UAC) feature. |
影響を受ける主な製品や技術、サービスは次のとおり。
- Adobe Acrobat
- Adone Reader
- Ancillary Function Driver (afd.sys)
- Chromium V8
- Client-Server Run-time Subsystem (CSRSS)
- Confluence Server
- Debian-specific Redis Servers
- DirectX Graphics Kernel (DXGKRNL)
- Edge
- Firefox
- Flash Player
- Fusion Middleware
- Internet Explorer
- Java SE
- Office
- Secure Remote Access (SRA)
- SMA100
- Thunderbird
- Win32k
- Windows
- Word
カタログに追加された脆弱性は悪用が確認されている点に注意が必要。該当する製品を使っている場合は提供されているCVE情報やベンダーが提供する情報を確認するとともに、迅速にアップデートを適用することが望まれる。
CISAはこのところ定期的にカタログにアクティブに使われている脆弱性に関する情報を追加している。それらの中には、以前追加された製品が含まれていることも多い。それぞれ異なる脆弱性だが製品は同じというケースだ。一旦カタログを確認したとしても、このように追加された情報に同じ製品が含まれていることもある。情報が追加されるごとにカタログを確認し、使用している製品が含まれている場合には都度確認を行うことが望まれる。