轉發 台灣電腦網路危機處理暨協調中心 資安訊息警訊 TWCERTCC-200-202603-00000007

[內容說明]
【CVE-2026-22719】Broadcom VMware Aria Operations Command Injection Vulnerability (CVSS v3.1: 8.1)
【是否遭勒索軟體利用:未知】 Broadcom VMware Aria Operations 存在指令注入漏洞，未經驗證的攻擊者可利用此漏洞執行任意指令，可能在支援輔助產品遷移時導致遠端程式碼執行。

【CVE-2026-21385】Qualcomm Multiple Chipsets Memory Corruption Vulnerability (CVSS v3.1: 7.8)
【是否遭勒索軟體利用:未知】 多款 Qualcomm 晶片組在進行記憶體配置對齊時存在記憶體毀損漏洞。

【CVE-2017-7921】Hikvision Multiple Products Improper Authentication Vulnerability (CVSS v3.1: 9.8)
【是否遭勒索軟體利用:未知】 多款 Hikvision 產品存在不當身分驗證漏洞，惡意使用者可能藉此提升系統權限並存取敏感資訊。

【CVE-2021-22681】Rockwell Multiple Products Insufficient Protected Credentials Vulnerability (CVSS v3.1: 9.8)
【是否遭勒索軟體利用:未知】 多款 Rockwell 產品存在憑證保護不足漏洞。Studio 5000 Logix Designer 軟體中的一組金鑰可能被發現，而該金鑰用於驗證 Logix 控制器與 Rockwell Automation 設計軟體之間的通訊。若成功利用此漏洞，未經授權的應用程式可能連線至 Logix 控制器。

【CVE-2023-43000】Apple Multiple products Use-After-Free Vulnerability (CVSS v3.1: 8.8)
【是否遭勒索軟體利用:未知】 Apple macOS、iOS、iPadOS 與 Safari 16.6 存在記憶體釋放後使用漏洞。當系統處理惡意構造的網頁內容時，可能導致記憶體毀損。

【CVE-2021-30952】Apple Multiple Products Integer Overflow or Wraparound Vulnerability (CVSS v3.1: 8.8)
【是否遭勒索軟體利用:未知】 Apple tvOS、macOS、Safari、iPadOS 與 watchOS 存在整數溢位或回繞漏洞。當系統處理惡意構造的網頁內容時，可能導致任意程式碼執行。

【CVE-2023-41974】Apple iOS and iPadOS Use-After-Free Vulnerability (CVSS v3.1: 7.8)
【是否遭勒索軟體利用:未知】 Apple iOS 與 iPadOS 存在記憶體釋放後使用漏洞，應用程式可能藉此以核心權限執行任意程式碼。

[影響平台]
【CVE-2026-22719】請參考官方所列的影響版本
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947

【CVE-2026-21385】請參考官方所列的影響版本
https://docs.qualcomm.com/securitybulletin/march-2026-bulletin.html

【CVE-2017-7921】請參考官方所列的影響版本
https://www.hikvision.com/us-en/support/document-center/special-notices/privilege-escalating-vulnerability-in-certain-hikvision-ip-cameras/

【CVE-2021-22681】請參考官方所列的影響版本
https://www.cisa.gov/news-events/ics-advisories/icsa-21-056-03

【CVE-2023-43000】請參考官方所列的影響版本
https://support.apple.com/en-us/120324
https://support.apple.com/en-us/120331
https://support.apple.com/en-us/120338

【CVE-2021-30952】請參考官方所列的影響版本
https://support.apple.com/en-us/HT212975
https://support.apple.com/en-us/HT212976
https://support.apple.com/en-us/HT212978
https://support.apple.com/en-us/HT212980
https://support.apple.com/en-us/HT212982

【CVE-2023-41974】請參考官方所列的影響版本
https://support.apple.com/en-us/HT213938

[建議措施]
【CVE-2026-22719】 官方已針對漏洞釋出修復更新，請更新至相關版本
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947

【CVE-2026-21385】 官方已針對漏洞釋出修復更新，請更新至相關版本
https://docs.qualcomm.com/securitybulletin/march-2026-bulletin.html

【CVE-2017-7921】 官方已針對漏洞釋出修復更新，請更新至相關版本
https://www.hikvision.com/us-en/support/document-center/special-notices/privilege-escalating-vulnerability-in-certain-hikvision-ip-cameras/

【CVE-2021-22681】 官方已針對漏洞釋出修復更新，請更新至相關版本
https://www.cisa.gov/news-events/ics-advisories/icsa-21-056-03

【CVE-2023-43000】 官方已針對漏洞釋出修復更新，請更新至相關版本
https://support.apple.com/en-us/120324
https://support.apple.com/en-us/120331
https://support.apple.com/en-us/120338

【CVE-2021-30952】 官方已針對漏洞釋出修復更新，請更新至相關版本
https://support.apple.com/en-us/HT212975
https://support.apple.com/en-us/HT212976
https://support.apple.com/en-us/HT212978
https://support.apple.com/en-us/HT212980
https://support.apple.com/en-us/HT212982

【CVE-2023-41974】 官方已針對漏洞釋出修復更新，請更新至相關版本
https://support.apple.com/en-us/HT213938

Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202603-00000007

[Content Description]
【CVE-2026-22719】Broadcom VMware Aria Operations Command Injection Vulnerability (CVSS v3.1: 8.1)
【Exploited by Ransomware: Unknown】 A command injection vulnerability exists in Broadcom VMware Aria Operations. An unverified attacker could exploit this vulnerability to execute arbitrary commands, potentially leading to remote code execution during support product migration.

【CVE-2026-21385】Qualcomm Multiple Chipsets Memory Corruption Vulnerability (CVSS v3.1: 7.8)
【Exploited by Ransomware: Unknown】 Multiple Qualcomm chipsets contain a memory corruption vulnerability during memory configuration alignment.

【CVE-2017-7921】Hikvision Multiple Products Improper Authentication Vulnerability (CVSS v3.1: 9.8)
【Exploited by Ransomware: Unknown】 Multiple Hikvision products contain an improper authentication vulnerability, which malicious users could exploit to escalate system privileges and access sensitive information.

【CVE-2021-22681】Rockwell Multiple Products Insufficient Protected Credentials Vulnerability (CVSS v3.1: 9.8)
【Exploited by Ransomware: Unknown】 Multiple Rockwell products contain an insufficient credential protection vulnerability. A set of keys in Studio 5000 Logix Designer software may be discovered, and this key is used to authenticate communication between the Logix controller and Rockwell Automation design software. If this vulnerability is successfully exploited, unauthorized applications could connect to the Logix controller.

【CVE-2023-43000】Apple Multiple Products Use-After-Free Vulnerability (CVSS v3.1: 8.8)
【Exploited by Ransomware: Unknown】 A use-after-free vulnerability exists in Apple macOS, iOS, iPadOS, and Safari 16.6. This vulnerability could lead to memory corruption when the system processes maliciously crafted web page content.

【CVE-2021-30952】Apple Multiple Products Integer Overflow or Wraparound Vulnerability (CVSS v3.1: 8.8)
【Exploited by Ransomware: Unknown】 An integer overflow or wraparound vulnerability exists in Apple tvOS, macOS, Safari, iPadOS, and watchOS. This vulnerability could lead to arbitrary code execution when the system processes maliciously crafted web page content.

【CVE-2023-41974】Apple iOS and iPadOS Use-After-Free Vulnerability (CVSS v3.1: 7.8)
【Exploitation by Ransomware: Unknown】 Apple iOS and iPadOS contain a use-after-free vulnerability that could allow applications to execute arbitrary code with kernel privileges.

[Affected Platforms]
【CVE-2026-22719】Please refer to the official list of affected versions.
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947

【CVE-2026-21385】Please refer to the official list of affected versions.
https://docs.qualcomm.com/securitybulletin/march-2026-bulletin.html

【CVE-2017-7921】Please refer to the official list of affected versions.
https://www.hikvision.com/us-en/support/document-center/special-notices/privilege-escalating-vulnerability-in-certain-hikvision-ip-cameras/

【CVE-2021-22681】Please refer to the official list of affected versions. [CVE-2023-43000] Please refer to the official affected versions listed below:
https://www.cisa.gov/news-events/ics-advisories/icsa-21-056-03

【CVE-2023-43000】Please refer to the official affected versions listed below:
https://support.apple.com/en-us/120324
https://support.apple.com/en-us/120331
https://support.apple.com/en-us/120338

【CVE-2021-30952】Please refer to the official affected versions listed below:
https://support.apple.com/en-us/HT212975
https://support.apple.com/en-us/HT212976
https://support.apple.com/en-us/HT212978 [https://support.apple.com/en-us/HT212980
https://support.apple.com/en-us/HT212982

【CVE-2023-41974】Please refer to the affected versions listed in the official documentation.
https://support.apple.com/en-us/HT213938

[Recommended Actions]
【CVE-2026-22719】An official patch update has been released for this vulnerability. Please update to the relevant version.
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947

【CVE-2026-21385】Official updates have been released to fix the vulnerability. Please update to the relevant version.
https://docs.qualcomm.com/securitybulletin/march-2026-bulletin.html

【CVE-2017-7921】Official updates have been released to fix the vulnerability. Please update to the relevant version.
https://www.hikvision.com/us-en/support/document-center/special-notices/privilege-escalating-vulnerability-in-certain-hikvision-ip-cameras/

【CVE-2021-22681】Official updates have been released to fix the vulnerability. Please update to the relevant version.
https://www.cisa.gov/news-events/ics-advisories/icsa-21-056-03

【CVE-2023-43000】Official updates have been released to fix the vulnerability. Please update to the relevant version.
https://support.apple.com/en-us/120324
https://support.apple.com/en-us/120331
https://support.apple.com/en-us/120338

【CVE-2021-30952】 Official updates have been released to fix the vulnerability. Please update to the relevant version.
https://support.apple.com/en-us/HT212975
https://support.apple.com/en-us/HT212976
https://support.apple.com/en-us/HT212978
https://support.apple.com/en-us/HT212980
https://support.apple.com/en-us/HT212982

【CVE-2023-41974】 An official update has been released to fix the vulnerability. Please update to the relevant version.
https://support.apple.com/en-us/HT213938