{"id":3927,"date":"2025-09-26T14:25:58","date_gmt":"2025-09-26T06:25:58","guid":{"rendered":"https:\/\/blog.billows.com.tw\/?p=3927"},"modified":"2025-09-26T14:25:58","modified_gmt":"2025-09-26T06:25:58","slug":"%e3%80%90cisa-%e8%ad%a6%e7%a4%ba%e3%80%91cisco-asa-ftd-%e9%9b%b6%e6%97%a5%e6%bc%8f%e6%b4%9e%e8%a2%ab%e7%a9%8d%e6%a5%b5%e5%88%a9%e7%94%a8%ef%bc%8c%e7%b6%b2%e8%b7%af%e9%82%8a%e7%95%8c%e5%ae%89%e5%85%a8","status":"publish","type":"post","link":"https:\/\/blog.billows.com.tw\/?p=3927","title":{"rendered":"\u3010CISA \u8b66\u793a\u3011Cisco ASA\/FTD \u96f6\u65e5\u6f0f\u6d1e\u88ab\u7a4d\u6975\u5229\u7528\uff0c\u7db2\u8def\u908a\u754c\u5b89\u5168\u9762\u81e8\u91cd\u5927\u5a01\u8105"},"content":{"rendered":"\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"675\" height=\"497\" src=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2025\/09\/image-8.png\" alt=\"\" class=\"wp-image-3929\" srcset=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2025\/09\/image-8.png 675w, https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2025\/09\/image-8-300x221.png 300w\" sizes=\"auto, (max-width: 675px) 100vw, 675px\" \/><figcaption class=\"wp-element-caption\">\u7f8e\u570b CISA \u66f4\u767c\u5e03\u7dca\u6025\u6307\u4ee4 (ED 25-03)<\/figcaption><\/figure>\n\n\n\n<p>Cisco \u8fd1\u65e5\u767c\u5e03\u7dca\u6025\u5b89\u5168<a href=\"https:\/\/sec.cloudapps.cisco.com\/security\/center\/resources\/asa_ftd_continued_attacks\" title=\"\">\u901a\u544a<\/a>\uff0c\u8981\u6c42\u7528\u6236\u7acb\u5373\u4fee\u88dc <strong>Cisco Secure Firewall Adaptive Security Appliance (ASA)<\/strong> \u8207 <strong>Cisco Secure Firewall Threat Defense (FTD)<\/strong> \u8edf\u9ad4\u4e2d\u5169\u9805\u91cd\u5927\u96f6\u65e5\u6f0f\u6d1e\u3002\u6839\u64da Cisco \u7684\u8aaa\u660e\uff0c\u9019\u4e9b\u6f0f\u6d1e\u5df2\u5728\u5be6\u969b\u74b0\u5883\u4e2d\u88ab\u5229\u7528\uff0c\u53ef\u80fd\u5c0d\u4f01\u696d\u8207\u653f\u5e9c\u6a5f\u69cb\u7684\u7db2\u8def\u908a\u754c\u8a2d\u5099\u9020\u6210\u56b4\u91cd\u5a01\u8105\u3002<\/p>\n\n\n\n<p><strong>\u5169\u5927\u96f6\u65e5\u6f0f\u6d1e\u91cd\u9ede<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong><a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-20333\">CVE-2025-20333<\/a> (CVSS 9.9)<\/strong><br>\u6f0f\u6d1e\u6e90\u65bc HTTP(S) \u8acb\u6c42\u5c0d\u4f7f\u7528\u8005\u8f38\u5165\u9a57\u8b49\u4e0d\u7576\u3002\u653b\u64ca\u8005\u82e5\u64c1\u6709\u5408\u6cd5 VPN \u5e33\u865f\uff0c\u900f\u904e\u7279\u88fd HTTP \u8acb\u6c42\u5373\u53ef\u5728\u53d7\u5f71\u97ff\u8a2d\u5099\u4e0a\u4ee5 root \u6b0a\u9650\u57f7\u884c\u4efb\u610f\u7a0b\u5f0f\u78bc\uff0c\u98a8\u96aa\u6975\u9ad8\u3002<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-20362\">CVE-2025-20362<\/a> (CVSS 6.5)<\/strong><br>\u540c\u6a23\u56e0\u8f38\u5165\u9a57\u8b49\u7f3a\u9677\uff0c\u5141\u8a31\u672a\u7d93\u9a57\u8b49\u7684\u9060\u7aef\u653b\u64ca\u8005\u5b58\u53d6\u53d7\u9650 URL \u7aef\u9ede\uff0c\u8f15\u6613\u7e5e\u904e\u8a8d\u8b49\u63a7\u5236\u3002<\/li>\n<\/ul>\n\n\n\n<p>Cisco \u8868\u793a\uff0c\u76ee\u524d\u5df2\u89c0\u5bdf\u5230\u91dd\u5c0d\u9019\u5169\u500b\u6f0f\u6d1e\u7684 <strong>\u5617\u8a66\u6027\u5229\u7528\u884c\u70ba<\/strong>\uff0c\u4e26\u61f7\u7591\u99ed\u5ba2\u53ef\u80fd\u5c07\u5169\u6f0f\u6d1e <strong>\u4e32\u9023\u4f7f\u7528<\/strong>\uff0c\u4ee5\u7a81\u7834\u8a8d\u8b49\u6a5f\u5236\u4e26\u57f7\u884c\u60e1\u610f\u7a0b\u5f0f\u3002<\/p>\n\n\n\n<p><strong>\u570b\u969b\u8cc7\u5b89\u55ae\u4f4d\u5354\u52a9\u8abf\u67e5<\/strong><\/p>\n\n\n\n<p>\u6b64\u6b21\u6f0f\u6d1e\u4e8b\u4ef6\u7372\u5f97\u591a\u570b\u653f\u5e9c\u8cc7\u5b89\u55ae\u4f4d\u652f\u63f4\uff0c\u5305\u62ec\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u6fb3\u6d32\u8cc7\u5b89\u5c40 (ASD \/ ACSC)<\/li>\n\n\n\n<li>\u52a0\u62ff\u5927\u7db2\u8def\u5b89\u5168\u4e2d\u5fc3<\/li>\n\n\n\n<li>\u82f1\u570b NCSC<\/li>\n\n\n\n<li>\u7f8e\u570b CISA<\/li>\n<\/ul>\n\n\n\n<p>\u7f8e\u570b <strong>CISA<\/strong> \u66f4\u767c\u5e03<a href=\"https:\/\/www.cisa.gov\/news-events\/news\/cisa-issues-emergency-directive-requiring-federal-agencies-identify-and-mitigate-cisco-zero-day\">\u7dca\u6025\u6307\u4ee4<\/a> (ED 25-03)\uff0c\u8981\u6c42\u806f\u90a6\u6a5f\u69cb <strong>24 <\/strong><strong>\u5c0f\u6642\u5167\u6aa2\u6e2c\u8207\u4fee\u88dc<\/strong>\uff0c\u4e26\u5c07\u5169\u6f0f\u6d1e\u7d0d\u5165 <strong>\u5df2\u77e5\u906d\u5229\u7528\u6f0f\u6d1e (KEV) <\/strong><strong>\u6e05\u55ae<\/strong>\u3002CISA \u8b66\u544a\uff0cAPT \u653b\u64ca\u8005\u5df2\u5c55\u958b\u5927\u898f\u6a21\u653b\u64ca\uff0c\u5229\u7528\u96f6\u65e5\u6f0f\u6d1e\u5c0d ASA \u8a2d\u5099\u9032\u884c\u672a\u7d93\u6388\u6b0a\u7684\u9060\u7aef\u7a0b\u5f0f\u78bc\u57f7\u884c\uff0c\u751a\u81f3\u4fee\u6539 <strong>ROM<\/strong> \u4ee5\u5728\u91cd\u555f\u6216\u5347\u7d1a\u5f8c\u6301\u7e8c\u5b58\u5728\uff0c\u5c0d\u53d7\u5bb3\u7db2\u8def\u69cb\u6210\u91cd\u5927\u98a8\u96aa\u3002<\/p>\n\n\n\n<p>\u653b\u64ca\u6d3b\u52d5\u5df2\u88ab\u8ffd\u8e64\u81f3\u4ee3\u865f <strong>ArcaneDoor<\/strong> \u7684\u5a01\u8105\u96c6\u5718\uff0c\u80cc\u5f8c\u884c\u70ba\u8005\u70ba <strong>UAT4356 (<\/strong><strong>\u53c8\u540d Storm-1849)<\/strong>\u3002\u8a72\u96c6\u5718\u904e\u53bb\u66fe\u91dd\u5c0d\u591a\u5bb6\u5ee0\u5546\u7684\u908a\u754c\u8a2d\u5099\u6295\u653e\u60e1\u610f\u7a0b\u5f0f\uff0c\u4f8b\u5982 <em>Line Runner<\/em> \u8207 <em>Line Dancer<\/em>\u3002<\/p>\n\n\n\n<p><strong>\u5176\u4ed6\u76f8\u95dc\u6f0f\u6d1e\u8207\u653b\u64ca\u8da8\u52e2<\/strong><\/p>\n\n\n\n<p>Cisco \u540c\u6b65\u4fee\u88dc\u4e86\u7b2c\u4e09\u500b\u9ad8\u5371\u6f0f\u6d1e <strong>CVE-2025-20363<\/strong>\uff0c\u5b58\u5728\u65bc\u9632\u706b\u7246\u8207 Cisco IOS \u8edf\u9ad4\u4e2d\uff0c\u5141\u8a31\u672a\u7d93\u9a57\u8b49\u7684\u653b\u64ca\u8005\u9060\u7aef\u57f7\u884c\u4efb\u610f\u7a0b\u5f0f\u78bc\u3002<\/p>\n\n\n\n<p>\u8cc7\u5b89\u516c\u53f8 <strong><a href=\"https:\/\/www.greynoise.io\/\" title=\"\">GreyNoise<\/a><\/strong> \u76e3\u6e2c\u5230\uff0c2025 \u5e74 8 \u6708\u5e95\u66fe\u6709\u591a\u9054 <strong>25,000 \u500b\u7368\u7acb IP<\/strong> \u91dd\u5c0d ASA \u767b\u5165\u5165\u53e3\u53ca Cisco IOS Telnet\/SSH \u670d\u52d9\u9032\u884c\u5927\u898f\u6a21\u6383\u63cf\u3002\u904e\u5f80\u7d71\u8a08\u986f\u793a\uff0c\u985e\u4f3c\u5075\u5bdf\u884c\u70ba\u5728 80% \u60c5\u6cc1\u4e0b\u6703\u4f34\u96a8\u65b0\u6f0f\u6d1e\u516c\u958b\u8207\u653b\u64ca\u7206\u767c\u3002<\/p>\n\n\n\n<p>\u6b64\u5916\uff0cCisco \u8fd1\u671f\u4ea6\u91cb\u51fa\u91dd\u5c0d <strong>Cisco IOS \/ IOS XE<\/strong> \u8edf\u9ad4\u7684\u9ad8\u98a8\u96aa\u96f6\u65e5\u6f0f\u6d1e\u4fee\u88dc\uff0c\u4e26\u65bc\u4eca\u5e74\u4e94\u6708\u63d0\u9192\u4f7f\u7528\u8005\uff0cWireless LAN Controller \u5b58\u5728\u6975\u9ad8\u98a8\u96aa\u6f0f\u6d1e\uff0c\u53ef\u88ab\u672a\u7d93\u6388\u6b0a\u7684\u653b\u64ca\u8005\u9060\u7aef\u63a5\u7ba1\u8a2d\u5099\u3002<\/p>\n\n\n\n<p><strong>\u8cc7\u5b89\u5c08\u5bb6\u89c0\u9ede\u8207\u9632\u8b77\u5efa\u8b70<\/strong><\/p>\n\n\n\n<p>\u9019\u6ce2\u91dd\u5c0d Cisco ASA\/FTD \u7684\u653b\u64ca\u4e8b\u4ef6\u51f8\u986f\u4e86 <strong>\u908a\u754c\u9632\u706b\u7246\u8207\u7db2\u8def\u8a2d\u5099<\/strong>\u7684\u9ad8\u50f9\u503c\u76ee\u6a19\u7279\u6027\u3002APT \u653b\u64ca\u8005\u5df2\u638c\u63e1\u96f6\u65e5\u6f0f\u6d1e\u8207 ROM \u6301\u4e45\u5316\u6280\u8853\uff0c\u4f7f\u5f97\u53d7\u5f71\u97ff\u8a2d\u5099\u5728\u88ab\u653b\u9677\u5f8c\u53ef\u6301\u7e8c\u5b58\u5728\u63a7\u5236\u7a0b\u5f0f\uff0c\u5c0d\u4f01\u696d\u53ca\u653f\u5e9c\u7db2\u8def\u9632\u8b77\u9020\u6210\u91cd\u5927\u6311\u6230\u3002<\/p>\n\n\n\n<p><strong>\u5efa\u8b70\u63aa\u65bd<\/strong>\uff1a<\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li><strong>\u7acb\u5373\u66f4\u65b0<\/strong>\uff1a\u6240\u6709 Cisco ASA\/FTD \u8a2d\u5099\u61c9\u5347\u7d1a\u81f3\u5b98\u65b9\u4fee\u88dc\u7248\u672c\u3002<\/li>\n\n\n\n<li><strong>\u6aa2\u67e5\u7570\u5e38\u884c\u70ba<\/strong>\uff1a\u5f37\u5316\u8a2d\u5099\u65e5\u8a8c\u8207\u6d41\u91cf\u76e3\u63a7\uff0c\u7279\u5225\u6ce8\u610f\u672a\u6388\u6b0a\u5b58\u53d6\u3001\u7570\u5e38\u91cd\u555f\u6216 ROM \u4fee\u6539\u8de1\u8c61\u3002<\/li>\n\n\n\n<li><strong>\u9650\u5236\u66b4\u9732\u9762<\/strong>\uff1a\u907f\u514d\u5c07\u7ba1\u7406\u4ecb\u9762\u76f4\u63a5\u66b4\u9732\u65bc\u516c\u7db2\uff0c\u4e26\u9650\u5236\u53ef\u5b58\u53d6\u4f86\u6e90 IP\u3002<\/li>\n\n\n\n<li><strong>\u61c9\u8b8a\u6f14\u7df4<\/strong>\uff1a\u5c07\u908a\u754c\u8a2d\u5099\u7d0d\u5165\u8cc7\u5b89\u6f14\u7df4\uff0c\u78ba\u4fdd\u906d\u5165\u4fb5\u6642\u80fd\u5feb\u901f\u9694\u96e2\u8207\u5fa9\u539f\u3002<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p><strong>\u7d50\u8a9e<\/strong><br>Cisco ASA\/FTD \u96f6\u65e5\u6f0f\u6d1e\u4e8b\u4ef6\u5df2\u88ab\u8b49\u5be6\u70ba\u5927\u898f\u6a21\u3001\u6301\u7e8c\u6027\u653b\u64ca\uff0c\u6d89\u53ca\u9ad8\u5ea6\u9032\u968e\u5a01\u8105\u884c\u70ba\u8005 (APT)\u3002\u6240\u6709\u4f7f\u7528\u76f8\u95dc\u8a2d\u5099\u7684\u55ae\u4f4d\u61c9\u7acb\u5373\u63a1\u53d6\u884c\u52d5\u5b8c\u6210\u4fee\u88dc\uff0c\u9632\u6b62\u7db2\u8def\u8cc7\u5b89\u906d\u53d7\u91cd\u5275\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cisco \u8fd1\u65e5\u767c\u5e03\u7dca\u6025\u5b89\u5168\u901a\u544a\uff0c\u8981\u6c42\u7528\u6236\u7acb\u5373\u4fee\u88dc Cisco Secure Firewall Adaptiv <a class=\"read-more\" href=\"https:\/\/blog.billows.com.tw\/?p=3927\">READ MORE<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[174],"class_list":["post-3927","post","type-post","status-publish","format-standard","hentry","category-6","tag-news"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/3927","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3927"}],"version-history":[{"count":2,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/3927\/revisions"}],"predecessor-version":[{"id":3931,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/3927\/revisions\/3931"}],"wp:attachment":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3927"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3927"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3927"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}