On December 13 (US time), the Cybersecurity and Infrastructure Security Agency (CISA) of the US Department of Homeland Security announced in "CISA Adds Five Known Exploited Vulnerabilities to Catalog | CISA" that it had added five vulnerabilities to its "Known Exploited Vulnerabilities Catalog".
The following day, December 14 (US time), it added one more vulnerability in "CISA Adds One Known Exploited Vulnerability to Catalog | CISA".
The main affected products and services are as follows.
- CVE-2022-42856 Apple - iOS
- CVE-2022-42475 Fortinet - FortiOS
- CVE-2022-44698 Microsoft - Defender
- CVE-2022-27518 Citrix - Application Delivery Controller (ADC) and Gateway
- CVE-2022-26500 Veeam - Backup & Replication
- CVE-2022-26501 Veeam - Backup & Replication
The main details of the vulnerabilities are as follows.
CVE ID | Description |
---|---|
CVE-2022-42856 | Apple iOS contains a type confusion vulnerability when processing maliciously crafted web content leading to code execution. |
CVE-2022-42475 | Multiple versions of Fortinet FortiOS SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute arbitrary code or commands via specifically crafted requests. |
CVE-2022-44698 | Microsoft Defender SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file. |
CVE-2022-27518 | Citrix Application Delivery Controller (ADC) and Gateway, when configured with SAML SP or IdP configuration, contain an authentication bypass vulnerability which allows an attacker to execute code as administrator. |
CVE-2022-26500 | The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code. |
CVE-2022-26501 | The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code. |
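Note that active exploitation of the vulnerabilities added to the catalog has already been confirmed. Anyone using an affected product should review the available CVE information and the vendor's advisories, and apply updates promptly.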