{"id":3572,"date":"2025-03-19T21:49:44","date_gmt":"2025-03-19T21:49:44","guid":{"rendered":"https:\/\/securitybriefing.net\/?p=3572"},"modified":"2025-03-19T21:49:48","modified_gmt":"2025-03-19T21:49:48","slug":"cisa-them-ba-lo-hong-moi-vao-danh-sach-nguy-hiem-nhat-cua-ho-nhung-dieu-ban-can-biet","status":"publish","type":"post","link":"https:\/\/securitybriefing.net\/vi\/tin-tuc\/cisa-them-ba-lo-hong-moi-vao-danh-sach-nguy-hiem-nhat-cua-ho-nhung-dieu-ban-can-biet\/","title":{"rendered":"CISA Th\u00eam Ba L\u1ed7 H\u1ed5ng M\u1edbi V\u00e0o Danh S\u00e1ch \u201cNguy Hi\u1ec3m Nh\u1ea5t\u201d C\u1ee7a H\u1ecd: Nh\u1eefng \u0110i\u1ec1u B\u1ea1n C\u1ea7n Bi\u1ebft"},"content":{"rendered":"

C\u01a1 quan An ninh m\u1ea1ng v\u00e0 C\u01a1 s\u1edf h\u1ea1 t\u1ea7ng (CISA) v\u1eeba c\u00f4ng b\u1ed1 Danh m\u1ee5c c\u00e1c l\u1ed7 h\u1ed5ng \u0111\u00e3 bi\u1ebft b\u1ecb khai th\u00e1c (KEV) m\u1edbi nh\u1ea5t v\u1edbi ba \u0111i\u1ec3m y\u1ebfu b\u1ea3o m\u1eadt m\u1edbi m\u00e0 tin t\u1eb7c hi\u1ec7n \u0111ang khai th\u00e1c \u0111\u1ec3 hack v\u00e0o h\u1ec7 th\u1ed1ng. \u00dd ngh\u0129a c\u1ee7a th\u00f4ng b\u00e1o n\u00e0y d\u1ef1a tr\u00ean th\u1ef1c t\u1ebf l\u00e0 c\u00e1c c\u1ea3nh b\u00e1o c\u1ee7a CISA kh\u00f4ng ch\u1ec9 ra m\u1ed9t s\u1ed1 t\u00ecnh hu\u1ed1ng l\u00fd thuy\u1ebft n\u00e0o \u0111\u00f3 \u2013 nh\u1eefng l\u1ed7 h\u1ed5ng n\u00e0y l\u00e0 nh\u1eefng l\u1ed7 h\u1ed5ng ch\u1eafc ch\u1eafn theo ngh\u0129a l\u00e0 ch\u00fang th\u1ef1c s\u1ef1 \u0111ang b\u1ecb x\u00e2m ph\u1ea1m cho c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng th\u1ef1c s\u1ef1.<\/p>\n\n\n

\u0110\u00e3 th\u00eam nh\u1eefng g\u00ec?<\/strong><\/h2>\n\n\n

Ch\u00fang ta h\u00e3y d\u1ecbch ba l\u1ed7 h\u1ed5ng n\u00e0y sang ng\u00f4n ng\u1eef th\u00f4ng th\u01b0\u1eddng:<\/p>\n\n\n

1. L\u1ed7 h\u1ed5ng c\u1ee7a Camera IP Edimax (CVE-2025-1316)<\/strong><\/h2>\n\n\n
\"L\u1ed7<\/figure>\n\n\n\n

V\u1ea5n \u0111\u1ec1 b\u1ea3o m\u1eadt \u0111\u01b0\u1ee3c \u0111\u1ec1 c\u1eadp trong camera an ninh Edimax IC-7100<\/a> \u0111\u1ec1 c\u1eadp \u0111\u1ebfn c\u00e1i g\u1ecdi l\u00e0 "command injection". \u00dd t\u01b0\u1edfng l\u00e0 k\u1ebb t\u1ea5n c\u00f4ng c\u00f3 th\u1ec3 khi\u1ebfn camera th\u1ef1c thi m\u00e3 \u0111\u1ed9c h\u1ea1i. V\u1edbi nh\u1eefng camera n\u00e0y \u0111\u01b0\u1ee3c thi\u1ebft l\u1eadp t\u1ea1i nh\u00e0 ho\u1eb7c v\u0103n ph\u00f2ng, ch\u00fang c\u00f3 th\u1ec3 b\u1ecb nh\u1eafm m\u1ee5c ti\u00eau b\u1edfi nh\u1eefng ng\u01b0\u1eddi d\u00f9ng kh\u00f4ng \u0111\u01b0\u1ee3c \u1ee7y quy\u1ec1n, nh\u1eefng ng\u01b0\u1eddi c\u00f3 th\u1ec3 truy c\u1eadp v\u00e0o ngu\u1ed3n c\u1ea5p d\u1eef li\u1ec7u camera c\u1ee7a b\u1ea1n, thay \u0111\u1ed5i c\u00e0i \u0111\u1eb7t ho\u1eb7c s\u1eed d\u1ee5ng nh\u1eefng camera n\u00e0y \u0111\u1ec3 t\u1ea5n c\u00f4ng c\u00e1c thi\u1ebft b\u1ecb kh\u00e1c tr\u00ean m\u1ea1ng c\u1ee7a b\u1ea1n.<\/p>\n\n\n

2. L\u1ed7 h\u1ed5ng ph\u1ea7n m\u1ec1m sao l\u01b0u NAKIVO (CVE-2024-48248)<\/strong><\/h2>\n\n\n
\"L\u1ed7<\/figure>\n\n\n\n

NAKIVO<\/a> ph\u00e1t tri\u1ec3n c\u00e1c gi\u1ea3i ph\u00e1p sao l\u01b0u v\u00e0 ph\u1ee5c h\u1ed3i \u0111\u01b0\u1ee3c nhi\u1ec1u doanh nghi\u1ec7p s\u1eed d\u1ee5ng \u0111\u1ec3 \u0111\u1ea3m b\u1ea3o b\u1ea3o v\u1ec7 d\u1eef li\u1ec7u. L\u1ed7i \u0111ang \u0111\u01b0\u1ee3c \u0111\u1ec1 c\u1eadp \u0111\u01b0\u1ee3c g\u1ecdi l\u00e0 \u201cduy\u1ec7t \u0111\u01b0\u1eddng d\u1eabn tuy\u1ec7t \u0111\u1ed1i<\/a>\u201d, cho ph\u00e9p k\u1ebb t\u1ea5n c\u00f4ng truy c\u1eadp v\u00e0o c\u00e1c t\u1ec7p m\u00e0 ch\u00fang kh\u00f4ng \u0111\u01b0\u1ee3c ph\u00e9p xem. \u0110i\u1ec1u n\u00e0y \u0111\u1eb7c bi\u1ec7t nguy hi\u1ec3m trong tr\u01b0\u1eddng h\u1ee3p ph\u1ea7n m\u1ec1m sao l\u01b0u, n\u01a1i c\u00e1c b\u1ea3n sao l\u01b0u th\u01b0\u1eddng ch\u1ee9a d\u1eef li\u1ec7u nh\u1ea1y c\u1ea3m. K\u1ebb x\u00e2m nh\u1eadp x\u00e2m ph\u1ea1m l\u1ed7 h\u1ed5ng n\u00e0y c\u00f3 th\u1ec3 truy c\u1eadp, \u0111\u00e1nh c\u1eafp ho\u1eb7c x\u00f3a d\u1eef li\u1ec7u \u0111\u00e3 sao l\u01b0u.<\/p>\n\n\n

3. L\u1ed7 h\u1ed5ng SAP NetWeaver (CVE-2017-12637)<\/strong><\/h2>\n\n\n
\"L\u1ed7<\/figure>\n\n\n\n

\u0110i\u1ec1u n\u00e0y \u0111\u1eb7c bi\u1ec7t quan tr\u1ecdng v\u00ec n\u00f3 xu\u1ea5t hi\u1ec7n t\u1eeb n\u0103m 2017, kh\u00e1 l\u00e2u r\u1ed3i \u2013 t\u1ee9c l\u00e0 g\u1ea7n t\u00e1m n\u0103m. SAP NetWeaver l\u00e0 m\u1ed9t trong nh\u1eefng n\u1ec1n t\u1ea3ng c\u00f4ng ngh\u1ec7 th\u1ef1c hi\u1ec7n nhi\u1ec1u \u1ee9ng d\u1ee5ng kinh doanh quan tr\u1ecdng. Kho\u1ea3ng c\u00e1ch \u0111\u00f3 ch\u00ednh x\u00e1c l\u00e0 lo\u1ea1i th\u1ee9 s\u1ebd t\u1ea1o n\u00ean m\u1ed9t \u201cduy\u1ec7t th\u01b0 m\u1ee5c<\/a>\u201d n\u01a1i m\u00e0, v\u00ec n\u00f3, nh\u1eefng k\u1ebb x\u00e2m nh\u1eadp c\u00f3 th\u1ec3 n\u1eafm gi\u1eef c\u00e1c t\u1ec7p v\u00e0 th\u01b0 m\u1ee5c kh\u00f4ng \u0111\u01b0\u1ee3c ph\u00e9p. Th\u1ef1c t\u1ebf l\u00e0 nhi\u1ec1u h\u1ec7 th\u1ed1ng kh\u00f4ng b\u1ecb \u1ea3nh h\u01b0\u1edfng b\u1edfi b\u1ea3n v\u00e1, ngay c\u1ea3 sau nhi\u1ec1u n\u0103m, l\u00e0 l\u00fd do t\u1ea1i sao nh\u1eefng k\u1ebb t\u1ea5n c\u00f4ng hi\u1ec7n \u0111ang khai th\u00e1c n\u00f3.<\/p>\n\n\n

T\u1ea1i sao \u0111i\u1ec1u n\u00e0y quan tr\u1ecdng v\u1edbi m\u1ecdi ng\u01b0\u1eddi<\/strong><\/h2>\n\n\n

M\u1eb7c d\u00f9 c\u00e1c h\u01b0\u1edbng d\u1eabn c\u1ee7a CISA ch\u1ec9 b\u1eaft bu\u1ed9c \u0111\u1ed1i v\u1edbi c\u00e1c c\u01a1 quan ch\u00ednh quy\u1ec1n li\u00ean bang, nh\u01b0ng KEV Catalog c\u1ee7a h\u1ecd \u0111\u00e3 \u0111\u01b0\u1ee3c thi\u1ebft l\u1eadp l\u00e0 ngu\u1ed3n c\u1eadp nh\u1eadt nh\u1ea5t \u0111\u1ec3 l\u1ef1a ch\u1ecdn c\u00e1c l\u1ed7i quan tr\u1ecdng nh\u1ea5t c\u1ea7n s\u1eeda. Khi m\u1ed9t l\u1ed7i \u0111\u01b0\u1ee3c \u0111\u01b0a v\u00e0o danh s\u00e1ch n\u00e0y, \u0111i\u1ec1u \u0111\u00f3 c\u00f3 ngh\u0129a l\u00e0:<\/p>\n\n\n\n