國家資通安全研究院 - 1/13至1/19 Known Exploited Vulnerabilities Catalog(KEV)週報

政府組態基準(GCB)

資通安全弱點通報機制(VANS)

端點偵測及應變機制(EDR)

零信任架構(ZTA)

國家資安聯防監控中心(N-SOC)

國家資安通報應變中心(N-CERT) external link

external link

資安資訊分享

國際資安政策觀測

漏洞警訊公告

重大漏洞資訊

資安服務廠商評鑑

國家資安資訊分享與分析中心(N-ISAC)

資安人才培力

資安學習資源認定服務

巡迴研討會

資安人才培訓服務網

external link

資安系列競賽網站

external link

數位韌性教材

設計系統資源

中文化翻譯教材

共通性建議教材

1/13至1/19 Known Exploited Vulnerabilities Catalog(KEV)週報

2025/1/22 上午 08:47:29

內容說明：

CISA於1/13至1/19在Known Exploited Vulnerabilities Catalog(KEV)中發布7個已遭駭客利用之漏洞。

影響平台：

Aviatrix｜Controllers
Microsoft｜Windows
Fortinet｜FortiOS
Qlik｜Sense
BeyondTrust｜Privileged Remote Access (PRA) and Remote Support (RS)

處置建議：

修補說明請參考以下官方連結：

Aviatrix｜Controllers
https://docs.aviatrix.com/documentation/latest/release-notices/psirt-advisories/psirt-advisories.html?expand=true

Microsoft｜Windows
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21333
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21334
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21335

Fortinet｜FortiOS
https://fortiguard.fortinet.com/psirt/FG-IR-24-535

Qlik｜Sense
https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows/tac-p/2120510

BeyondTrust｜Privileged Remote Access (PRA) and Remote Support (RS)
https://www.beyondtrust.com/trust-center/security-advisories/bt24-11

CVE編號：

CVE-2023-48365
CVE-2024-12686
CVE-2024-50603
CVE-2024-55591
CVE-2025-21333
CVE-2025-21334
CVE-2025-21335

參考資料：

1. https://www.cisa.gov/known-exploited-vulnerabilities-catalog
2. https://nvd.nist.gov/vuln/detail/CVE-2023-48365
3. https://nvd.nist.gov/vuln/detail/CVE-2024-12686
4. https://nvd.nist.gov/vuln/detail/CVE-2024-50603
5. https://nvd.nist.gov/vuln/detail/CVE-2024-55591
6. https://nvd.nist.gov/vuln/detail/CVE-2025-21333
7. https://nvd.nist.gov/vuln/detail/CVE-2025-21334
8. https://nvd.nist.gov/vuln/detail/CVE-2025-21335