
Security Advisories

Ion Security Co., Ltd. (㈜아이온시큐리티) publishes the following essential security measures
so that customers using our services can keep their systems running safely.

Sharing of key exploit information published by US CISA (Update 2023-11-13)    Posted by: Administrator    2023-11-15 04:09:50
The entries below are vulnerabilities currently being actively exploited in the wild. If you are running a vulnerable version of any of this software, we urge you to apply the patch immediately.
* Reference link: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
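A check to pair with the catalog link: the script below is an added example, not part of this advisory and not CISA tooling. It cross-matches an asset inventory against an extract of the KEV feed and ranks the hits by due date. The record layout follows the JSON feed CISA publishes alongside the catalog (a "vulnerabilities" list whose items carry cveID, vendorProject, product, dateAdded and dueDate); the records here are a constructed extract of this advisory's entries, and the "product" values and the inventory are assumptions. Keep in mind that dueDate is the remediation deadline CISA sets for US federal civilian agencies under BOD 22-01; for everyone else it is a strong urgency signal rather than a binding date.

```python
"""Match an asset inventory against a CISA KEV feed extract and rank the
hits by remediation deadline.

Added example, not part of the advisory. The record layout mirrors the
JSON feed CISA publishes next to the catalog (a "vulnerabilities" list
whose items carry cveID, vendorProject, product, dateAdded, dueDate, ...).
The records below are a constructed extract covering this advisory's
entries; the "product" values and the inventory are assumptions.
"""
import json
from datetime import date

# Constructed extract in the feed's JSON shape (product values assumed).
KEV_FEED_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2023-36851", "vendorProject": "Juniper", "product": "Junos OS",
         "dateAdded": "2023-11-13", "dueDate": "2023-11-17"},
        {"cveID": "CVE-2023-36847", "vendorProject": "Juniper", "product": "Junos OS",
         "dateAdded": "2023-11-13", "dueDate": "2023-11-17"},
        {"cveID": "CVE-2023-36846", "vendorProject": "Juniper", "product": "Junos OS",
         "dateAdded": "2023-11-13", "dueDate": "2023-11-17"},
        {"cveID": "CVE-2023-36845", "vendorProject": "Juniper", "product": "Junos OS",
         "dateAdded": "2023-11-13", "dueDate": "2023-11-17"},
        {"cveID": "CVE-2023-36844", "vendorProject": "Juniper", "product": "Junos OS",
         "dateAdded": "2023-11-13", "dueDate": "2023-11-17"},
        {"cveID": "CVE-2023-47246", "vendorProject": "SysAid", "product": "SysAid Server",
         "dateAdded": "2023-11-13", "dueDate": "2023-12-04"},
    ],
})

# Constructed inventory; vendor/product spelled the way the feed spells them.
INVENTORY = [
    {"host": "edge-fw-01", "vendor": "Juniper", "product": "Junos OS"},
    {"host": "helpdesk-01", "vendor": "SysAid", "product": "SysAid Server"},
    {"host": "core-sw-01", "vendor": "Cisco", "product": "IOS XE"},
]


def _norm(s):
    """Case- and whitespace-insensitive key for vendor/product matching."""
    return " ".join(s.lower().split())


def load_kev(feed_json):
    """Parse the feed text and index its entries by (vendor, product)."""
    index = {}
    for v in json.loads(feed_json)["vulnerabilities"]:
        key = (_norm(v["vendorProject"]), _norm(v["product"]))
        index.setdefault(key, []).append(v)
    return index


def triage(feed_json, inventory, today_iso):
    """Return one finding per (host, CVE), most urgent first.

    days_left counts from today_iso (YYYY-MM-DD) to the KEV dueDate;
    a negative value means the deadline has already passed.
    """
    today = date.fromisoformat(today_iso)
    index = load_kev(feed_json)
    findings = []
    for asset in inventory:
        key = (_norm(asset["vendor"]), _norm(asset["product"]))
        for v in index.get(key, []):
            due = date.fromisoformat(v["dueDate"])
            findings.append({
                "host": asset["host"],
                "cveID": v["cveID"],
                "dueDate": v["dueDate"],
                "days_left": (due - today).days,
            })
    findings.sort(key=lambda f: (f["days_left"], f["cveID"]))
    return findings


if __name__ == "__main__":
    for f in triage(KEV_FEED_JSON, INVENTORY, "2023-11-15"):
        state = "OVERDUE" if f["days_left"] < 0 else f"{f['days_left']} days left"
        print(f"{f['host']:<14}{f['cveID']:<16}due {f['dueDate']}  {state}")
```

Matching is done on the feed's own vendorProject and product strings, so an inventory whose naming differs (for example a CMDB that stores "Juniper Networks") needs a mapping step before the comparison; that normalisation is the part that usually decides whether a KEV check is reliable.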

Fields per entry: CVE ID / Vendor or project / Vulnerability name / Date added / Description / Required action / Due date

CVE-2023-36851
  Vendor/project:      Juniper
  Vulnerability name:  Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability
  Date added:          2023-11-13
  Description:         Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauth_operation.php that doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities.
  Required action:     Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  Due date:            2023-11-17

CVE-2023-36847
  Vendor/project:      Juniper
  Vulnerability name:  Juniper Junos OS EX Series Missing Authentication for Critical Function Vulnerability
  Date added:          2023-11-13
  Description:         Juniper Junos OS on EX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities.
  Required action:     Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  Due date:            2023-11-17

CVE-2023-36846
  Vendor/project:      Juniper
  Vulnerability name:  Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability
  Date added:          2023-11-13
  Description:         Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to user.php that doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities.
  Required action:     Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  Due date:            2023-11-17

CVE-2023-36845
  Vendor/project:      Juniper
  Vulnerability name:  Juniper Junos OS EX Series and SRX Series PHP External Variable Modification Vulnerability
  Date added:          2023-11-13
  Description:         Juniper Junos OS on EX Series and SRX Series contains a PHP external variable modification vulnerability that allows an unauthenticated, network-based attacker to control an important environment variable. Using a crafted request, which sets the variable PHPRC, an attacker is able to modify the PHP execution environment, allowing the injection and execution of code.
  Required action:     Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  Due date:            2023-11-17

CVE-2023-36844
  Vendor/project:      Juniper
  Vulnerability name:  Juniper Junos OS EX Series PHP External Variable Modification Vulnerability
  Date added:          2023-11-13
  Description:         Juniper Junos OS on EX Series contains a PHP external variable modification vulnerability that allows an unauthenticated, network-based attacker to control certain important environment variables. Using a crafted request, an attacker is able to modify certain PHP environment variables, leading to partial loss of integrity, which may allow chaining to other vulnerabilities.
  Required action:     Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  Due date:            2023-11-17

CVE-2023-47246
  Vendor/project:      SysAid
  Vulnerability name:  SysAid Server Path Traversal Vulnerability
  Date added:          2023-11-13
  Description:         SysAid Server (on-premises version) contains a path traversal vulnerability that leads to code execution.
  Required action:     Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  Due date:            2023-12-04
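For the Juniper entries, the only indicators the catalog text gives are the three J-Web PHP files that accept requests without authentication (webauth_operation.php, installAppPackage.php, user.php) and a request that sets the PHPRC variable. The script below is an added example, not part of the advisory and not Juniper or CISA tooling: it runs those two indicators over access-log lines. It assumes a Common Log Format access log of traffic to the J-Web listener (for instance captured at a reverse proxy in front of management interfaces); the sample lines are constructed. Two caveats a practitioner should keep in mind: the three files are part of J-Web itself, so a request to one of them is not proof of abuse and endpoint-only hits need baselining against normal administrative traffic, while a PHPRC parameter in a request is a high-confidence hit; and a parameter carried only in a POST body is not visible in this kind of log, so the PHPRC check can only see the query string.

```python
"""Hunt an access log for the J-Web request patterns named in the Juniper
KEV entries above.

Added example, not part of the advisory or of any Juniper tooling. It
assumes a Common Log Format access log of traffic to the J-Web listener;
the sample lines are constructed. Only the request line is inspected, so
parameter names sent in a POST body are out of reach of the PHPRC check.
"""
import re
from urllib.parse import parse_qs, urlsplit

# J-Web files the advisory names as reachable without authentication.
UNAUTH_ENDPOINTS = {"webauth_operation.php", "installAppPackage.php", "user.php"}

# Common Log Format: src ident user [timestamp] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample: a routine call to the login handler, two requests from
# a second source that match the advisory's indicators, and one unrelated line.
SAMPLE_LOG = """\
203.0.113.10 - - [14/Nov/2023:09:12:01 +0900] "POST /webauth_operation.php HTTP/1.1" 200 512
198.51.100.7 - - [14/Nov/2023:09:15:44 +0900] "POST /webauth_operation.php?PHPRC=/tmp/x HTTP/1.1" 200 83
198.51.100.7 - - [14/Nov/2023:09:15:45 +0900] "POST /installAppPackage.php HTTP/1.1" 200 61
203.0.113.10 - - [14/Nov/2023:09:16:02 +0900] "GET /static/logo.png HTTP/1.1" 200 4021
"""


def parse_line(line):
    """Parse one CLF line into a dict, or return None if it does not fit."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(entry):
    """Return (indicators, severity) for one parsed entry.

    PHPRC in the query string is rated high; a bare hit on one of the
    unauthenticated endpoints is rated review, because those files also
    serve legitimate J-Web traffic.
    """
    url = urlsplit(entry["target"])
    filename = url.path.rsplit("/", 1)[-1]
    params = {k.lower() for k in parse_qs(url.query, keep_blank_values=True)}
    indicators = []
    if "phprc" in params:
        indicators.append("PHPRC-in-query")
    if filename in UNAUTH_ENDPOINTS:
        indicators.append(f"unauth-endpoint:{filename}")
    severity = "high" if "PHPRC-in-query" in indicators else "review"
    return indicators, severity


def hunt(log_text):
    """Return one finding per log line that matches at least one indicator."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        indicators, severity = classify(entry)
        if indicators:
            findings.append({
                "src": entry["src"],
                "method": entry["method"],
                "target": entry["target"],
                "indicators": indicators,
                "severity": severity,
            })
    return findings


def sources_by_hits(findings):
    """Count endpoint hits per source address; useful for baselining."""
    counts = {}
    for f in findings:
        counts[f["src"]] = counts.get(f["src"], 0) + 1
    return dict(sorted(counts.items(), key=lambda kv: -kv[1]))


if __name__ == "__main__":
    results = hunt(SAMPLE_LOG)
    for f in results:
        print(f"{f['severity']:<7}{f['src']:<15}{f['method']} {f['target']}  {', '.join(f['indicators'])}")
    print("hits per source:", sources_by_hits(results))
```

The useful follow-up on a "review" hit is the surrounding context: whether the source is an expected administrator address, whether a successful request to installAppPackage.php or user.php was followed by new files appearing under the J-Web document root, and whether the same source later reached the device by other means. Those corroborating checks are not in the log lines above and depend on what the device and the surrounding infrastructure actually record.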
