Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202512-00000009
[Content Description]
AsyncOS is the operating system Cisco designed for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. It handles large volumes of email and network traffic and provides advanced email security, among other functions. Cisco has issued a critical security advisory for a critical vulnerability in AsyncOS (CVE-2025-20393, CVSS: 10.0). The vulnerability allows an attacker to execute arbitrary commands with root privileges on the underlying system of an affected device, and it has already been observed in use in network attack activity. For the detailed resolution, see the Cisco website.
[Affected Platforms]
All versions of Cisco AsyncOS software are affected by this attack activity.
[Recommended Actions]
Patch according to the resolution released on the official website:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-attack-N9bf4
[References]
https://www.twcert.org.tw/tw/cp-169-10583-fb9f4-1.html