• 發布單位:TWCERT/CC
• 更新日期:2024-12-26
• 點閱次數:466

• 內容說明：

CISA於12/16至12/22在Known Exploited Vulnerabilities Catalog(KEV)中發布8個已遭駭客利用之漏洞。

• 影響平台：

BeyondTrust｜Privileged Remote Access (PRA) and Remote Support (RS)
Reolink｜RLC-410W、C1 Pro、C2 Pro、RLC-422W及RLC-511W IP cameras
NUUO｜NVRmini Devices與 NVRmini2 Devices
Cleo｜Harmony、VLTrader及LexiCom
Microsoft｜Windows
Adobe｜ColdFusion

• 處置建議：

修補說明請參考以下官方連結：
BeyondTrust｜Privileged Remote Access (PRA) and Remote Support (RS)
https://www.beyondtrust.com/trust-center/security-advisories/bt24-10
Reolink｜RLC-410W、C1 Pro、C2 Pro、RLC-422W及RLC-511W IP cameras
https://reolink.com/product-eol/
https://reolink.com/download-center/
NUUO｜NVRmini Devices
https://nuuo.com/wp-content/uploads/2023/03/NUUO-EOL-letter%EF%BC%BFNVRmini-2-and-NVRsolo-series.pdf
Cleo｜Harmony、VLTrader及LexiCom
https://support.cleo.com/hc/en-us/articles/28408134019735-Cleo-Product-Security-Update-CVE-2024-55956
Microsoft｜Windows
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35250
Adobe｜ColdFusion
https://helpx.adobe.com/security/products/coldfusion/apsb24-14.html

• CVE編號：

CVE-2018-14933
CVE-2019-11001
CVE-2021-40407
CVE-2022-23227
CVE-2024-12356
CVE-2024-20767
CVE-2024-35250
CVE-2024-55956