• 發布單位:TWCERT/CC
• 更新日期:2025-10-17
• 點閱次數:310

• 內容說明：

CISA於9/29至10/5在Known Exploited Vulnerabilities Catalog(KEV)中發布10個已遭駭客利用之漏洞。

• 影響平台：

Adminer｜Adminer

Cisco｜IOS and IOS XE

Fortra｜GoAnywhere MFT

GNU｜GNU Bash

Jenkins｜Jenkins

Juniper｜ScreenOS

Libraesva｜Email Security Gateway

Samsung｜Mobile Devices

Smartbedded｜Meteobridge

Sudo｜Sudo

• 處置建議：

修補說明請參考以下官方連結：

Adminer｜Adminer

https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6

Cisco｜IOS and IOS XE

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-x4LPhte

Fortra｜GoAnywhere MFT

https://www.fortra.com/security/advisories/product-security/fi-2025-012

GNU｜GNU Bash

http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-027

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23467

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

https://www.ibm.com/support/pages/security-bulletin-update-vulnerabilities-bash-affect-aix-toolbox-linux-applications-cve-2014-6271-cve-2014-6277-cve-2014-6278-cve-2014-7169-cve-2014-7186-and-cve-2014-7187

Jenkins｜Jenkins

https://www.jenkins.io/security/advisory/2017-04-26/

Juniper｜ScreenOS

https://supportportal.juniper.net/s/article/2015-12-Out-of-Cycle-Security-Bulletin-ScreenOS-Multiple-Security-issues-with-ScreenOS-CVE-2015-7755-CVE-2015-7756

Libraesva｜Email Security Gateway

https://docs.libraesva.com/knowledgebase/security-advisory-command-injection-vulnerability-cve-2025-59689/

Samsung｜Mobile Devices

https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=09

Smartbedded｜Meteobridge

https://forum.meteohub.de/viewtopic.php?t=18687

Sudo｜Sudo

https://www.sudo.ws/security/advisories/chroot_bug/

• CVE編號：

CVE-2014-6278

CVE-2015-7755

CVE-2017-1000353

CVE-2021-21311

CVE-2025-4008

CVE-2025-10035

CVE-2025-20352

CVE-2025-21043

CVE-2025-32463

CVE-2025-59689