一、漏洞簡述
CISA 於 9/29 至 10/5 在 Known Exploited Vulnerabilities Catalog(KEV)中發布 10 個已遭駭客利用之漏洞。
二、設備/版本影響
-
Adminer|Adminer
-
Cisco|IOS and IOS XE
-
Fortra|GoAnywhere MFT
-
GNU|GNU Bash
-
Jenkins|Jenkins
-
Juniper|ScreenOS
-
Libraesva|Email Security Gateway
-
Samsung|Mobile Devices
-
Smartbedded|Meteobridge
-
Sudo|Sudo
三、建議處置(原文複製)
修補說明請參考以下官方連結:
Adminer|Adminer
https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6
Cisco|IOS and IOS XE
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-x4LPhte
Fortra|GoAnywhere MFT
https://www.fortra.com/security/advisories/product-security/fi-2025-012
GNU|GNU Bash
http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-027
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23467
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
https://www.ibm.com/support/pages/security-bulletin-update-vulnerabilities-bash-affect-aix-toolbox-linux-applications-cve-2014-6271-cve-2014-6277-cve-2014-6278-cve-2014-7169-cve-2014-7186-and-cve-2014-7187
Jenkins|Jenkins
https://www.jenkins.io/security/advisory/2017-04-26/
Libraesva|Email Security Gateway
https://docs.libraesva.com/knowledgebase/security-advisory-command-injection-vulnerability-cve-2025-59689/
Samsung|Mobile Devices
https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=09
Smartbedded|Meteobridge
https://forum.meteohub.de/viewtopic.php?t=18687
Sudo|Sudo
https://www.sudo.ws/security/advisories/chroot_bug/
四、相關連結
CVE 編號:
CVE-2014-6278
CVE-2015-7755
CVE-2017-1000353
CVE-2021-21311
CVE-2025-4008
CVE-2025-10035
CVE-2025-20352
CVE-2025-21043
CVE-2025-32463
CVE-2025-59689
參考資料: