{"id":4143,"date":"2026-01-28T16:08:59","date_gmt":"2026-01-28T08:08:59","guid":{"rendered":"https:\/\/blog.billows.com.tw\/?p=4143"},"modified":"2026-01-28T16:11:02","modified_gmt":"2026-01-28T08:11:02","slug":"cisa-%e8%ad%a6%e5%91%8a%ef%bc%9avmware-vcenter-server-%e9%97%9c%e9%8d%b5-rce-%e6%bc%8f%e6%b4%9e%e5%b7%b2%e9%81%ad%e5%af%a6%e9%9a%9b%e5%88%a9%e7%94%a8%ef%bc%8c%e8%81%af%e9%82%a6%e6%a9%9f%e6%a7%8b","status":"publish","type":"post","link":"https:\/\/blog.billows.com.tw\/?p=4143","title":{"rendered":"CISA \u8b66\u544a\uff1aVMware vCenter Server \u95dc\u9375 RCE \u6f0f\u6d1e\u5df2\u906d\u5be6\u969b\u5229\u7528\uff0c\u806f\u90a6\u6a5f\u69cb\u9650\u671f\u4e09\u9031\u5b8c\u6210\u4fee\u88dc"},"content":{"rendered":"\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"831\" height=\"598\" src=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2026\/01\/image-13.png\" alt=\"\" class=\"wp-image-4144\" srcset=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2026\/01\/image-13.png 831w, https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2026\/01\/image-13-300x216.png 300w, https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2026\/01\/image-13-768x553.png 768w\" sizes=\"auto, (max-width: 831px) 100vw, 831px\" \/><\/figure>\n\n\n\n<p>\u7f8e\u570b\u7db2\u8def\u5b89\u5168\u66a8\u57fa\u790e\u8a2d\u65bd\u5b89\u5168\u5c40\uff08CISA\uff09\u8fd1\u65e5\u6b63\u5f0f<a href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2026\/01\/23\/cisa-adds-one-known-exploited-vulnerability-catalog\">\u8b66\u544a<\/a>\uff0c\u4e00\u9805\u5f71\u97ff VMware vCenter Server \u7684\u95dc\u9375\u9060\u7aef\u7a0b\u5f0f\u78bc\u57f7\u884c\uff08RCE\uff09\u6f0f\u6d1e <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-37079\">CVE-2024-37079<\/a> \u5df2\u5728\u5be6\u969b\u653b\u64ca\u4e2d\u906d\u5230\u5229\u7528\uff0c\u4e26\u8981\u6c42\u7f8e\u570b\u806f\u90a6\u653f\u5e9c\u6a5f\u69cb\u5fc5\u9808\u5728 \u4e09\u9031\u5167\u5b8c\u6210\u4fee\u88dc\uff0c\u5426\u5247\u5c07\u9055\u53cd\u5f37\u5236\u6027\u71df\u904b\u6307\u4ee4\uff08BOD\uff09\u3002<\/p>\n\n\n\n<p>\u8a72\u6f0f\u6d1e\u5df2\u65bc 2024 \u5e74 6 \u6708\u7531 Broadcom \u4fee\u88dc\uff0c\u6210\u56e0\u70ba vCenter Server \u5728 DCERPC \u5354\u5b9a\u5be6\u4f5c\u4e2d\u7684 Heap Overflow\uff08\u5806\u7a4d\u6ea2\u4f4d\uff09\u5f31\u9ede\u3002vCenter Server \u70ba VMware vSphere \u7684\u6838\u5fc3\u7ba1\u7406\u5e73\u53f0\uff0c\u5ee3\u6cdb\u7528\u65bc\u7ba1\u7406 ESXi \u4e3b\u6a5f\u8207\u865b\u64ec\u6a5f\uff0c\u4e00\u65e6\u906d\u5165\u4fb5\uff0c\u7b49\u540c\u638c\u63a7\u6574\u500b\u865b\u64ec\u5316\u74b0\u5883\u3002<\/p>\n\n\n\n<p><strong>\u4f4e\u9580\u6abb\u3001\u9ad8\u885d\u64ca\u7684 RCE <\/strong><strong>\u98a8\u96aa<\/strong><\/p>\n\n\n\n<p>\u6839\u64da\u6280\u8853\u5206\u6790\uff0c\u653b\u64ca\u8005\u50c5\u9700\u5177\u5099\u7db2\u8def\u9023\u7dda\u5b58\u53d6\u6b0a\u9650\uff0c\u5373\u53ef\u900f\u904e\u50b3\u9001\u7279\u88fd\u5c01\u5305\u89f8\u767c\u6f0f\u6d1e\uff0c\u76f4\u63a5\u5728\u76ee\u6a19 vCenter Server \u4e0a\u57f7\u884c\u4efb\u610f\u7a0b\u5f0f\u78bc\u3002<\/p>\n\n\n\n<p>\u6b64\u653b\u64ca\u4e0d\u9700\u5e33\u865f\u6b0a\u9650\u3001\u4e0d\u9700\u4f7f\u7528\u8005\u4e92\u52d5\uff0c\u653b\u64ca\u8907\u96dc\u5ea6\u6975\u4f4e\uff0c\u5c0d\u4f01\u696d\u8207\u653f\u5e9c\u6a5f\u69cb\u800c\u8a00\u98a8\u96aa\u6975\u9ad8\u3002<\/p>\n\n\n\n<p>Broadcom \u4ea6\u660e\u78ba\u6307\u51fa\uff0cCVE-2024-37079 \u4e26\u7121\u4efb\u4f55\u66ff\u4ee3\u6027\u7de9\u89e3\u63aa\u65bd\u6216\u66ab\u6642\u6027\u9632\u8b77\u65b9\u5f0f\uff0c\u552f\u4e00\u53ef\u884c\u7684\u8655\u7406\u65b9\u5f0f\u5373\u70ba\u7acb\u5373\u5347\u7d1a\u81f3\u6700\u65b0\u7248\u672c\u7684 vCenter Server \u6216 Cloud Foundation\u3002<\/p>\n\n\n\n<p><strong>CISA <\/strong><strong>\u5217\u5165\u300c\u5df2\u906d\u5be6\u969b\u5229\u7528\u6f0f\u6d1e\u6e05\u55ae\u300d<\/strong><\/p>\n\n\n\n<p>CISA \u5df2\u65bc\u4e0a\u9031\u4e94\u5c07 CVE-2024-37079 \u7d0d\u5165\u5176\u300c\u5df2\u5728\u91ce\u5916\u906d\u5229\u7528\u6f0f\u6d1e\u6e05\u55ae\uff08Known Exploited Vulnerabilities, KEV\uff09\u300d\uff0c\u4e26\u4f9d\u64da BOD 22-01 \u8981\u6c42\u6240\u6709\u806f\u90a6\u6c11\u7528\u884c\u653f\u6a5f\u69cb\uff08FCEB\uff09\u6700\u665a\u9808\u65bc 2 \u6708 13 \u65e5\u524d\u5b8c\u6210\u4fee\u88dc\u3002<\/p>\n\n\n\n<p>FCEB \u6a5f\u69cb\u5305\u542b\u7f8e\u570b\u570b\u52d9\u9662\u3001\u53f8\u6cd5\u90e8\u3001\u80fd\u6e90\u90e8\u8207\u570b\u571f\u5b89\u5168\u90e8\u7b49\u975e\u8ecd\u4e8b\u884c\u653f\u55ae\u4f4d\u3002<\/p>\n\n\n\n<p>CISA \u5f37\u8abf\uff1a<\/p>\n\n\n\n<p>\u300c\u6b64\u985e\u6f0f\u6d1e\u662f\u60e1\u610f\u884c\u70ba\u8005\u6700\u5e38\u5229\u7528\u7684\u653b\u64ca\u9014\u5f91\u4e4b\u4e00\uff0c\u5c0d\u6574\u9ad4\u653f\u5e9c\u9ad4\u7cfb\u69cb\u6210\u91cd\u5927\u98a8\u96aa\u3002\u8acb\u4f9d\u7167\u4f9b\u61c9\u5546\u6307\u5f15\u5b8c\u6210\u4fee\u88dc\uff0c\u9075\u5faa BOD 22-01 \u5c0d\u96f2\u7aef\u670d\u52d9\u7684\u76f8\u95dc\u8981\u6c42\uff0c\u82e5\u7121\u53ef\u884c\u7de9\u89e3\u63aa\u65bd\uff0c\u61c9\u7acb\u5373\u505c\u6b62\u4f7f\u7528\u8a72\u7522\u54c1\u3002\u300d<\/p>\n\n\n\n<p><strong>Broadcom <\/strong><strong>\u8b49\u5be6\u6f0f\u6d1e\u5df2\u906d\u653b\u64ca\u8005\u5229\u7528<\/strong><\/p>\n\n\n\n<p>\u540c\u65e5\uff0cBroadcom \u66f4\u65b0\u539f\u59cb\u516c\u544a\u4e26\u8b49\u5be6\uff0c\u5df2\u638c\u63e1 CVE-2024-37079 \u5728\u5be6\u969b\u74b0\u5883\u4e2d\u906d\u6feb\u7528\u7684\u60c5\u8cc7\uff0c\u9032\u4e00\u6b65\u5370\u8b49\u8a72\u6f0f\u6d1e\u7684\u5373\u6642\u5a01\u8105\u6027\u3002<\/p>\n\n\n\n<p>VMware \u7522\u54c1\u6210\u70ba\u9ad8\u50f9\u503c\u653b\u64ca\u76ee\u6a19\u7684\u8da8\u52e2<\/p>\n\n\n\n<p>\u503c\u5f97\u6ce8\u610f\u7684\u662f\uff0c\u9019\u4e26\u975e\u500b\u6848\u3002<\/p>\n\n\n\n<p>2024 \u5e74 10 \u6708\uff0cCISA \u4ea6\u66fe\u8981\u6c42\u7f8e\u570b\u653f\u5e9c\u6a5f\u69cb\u7dca\u6025\u4fee\u88dc VMware Aria Operations \u8207 VMware Tools \u4e2d\u7684\u9ad8\u98a8\u96aa\u6f0f\u6d1e CVE-2025-41244\uff0c\u8a72\u6f0f\u6d1e\u81ea 2024 \u5e74 10 \u6708\u8d77\u5373\u906d\u4e2d\u570b\u99ed\u5ba2\u4ee5\u96f6\u6642\u5dee\u653b\u64ca\u65b9\u5f0f\u5229\u7528\u3002<\/p>\n\n\n\n<p>\u6b64\u5916\uff0cBroadcom \u5728\u53bb\u5e74\u4ea6\u9678\u7e8c\u4fee\u88dc\u591a\u9805\u7531 \u7f8e\u570b\u570b\u5b89\u5c40\uff08NSA\uff09 \u8207 Microsoft \u56de\u5831\u3001\u4e14\u5df2\u88ab\u5be6\u969b\u5229\u7528\u7684 VMware \u96f6\u6642\u5dee\u6f0f\u6d1e\uff0c\u6db5\u84cb NSX \u8207\u591a\u9805\u6838\u5fc3\u5143\u4ef6\u3002<\/p>\n\n\n\n<p><strong>\u8cc7\u5b89\u89c0\u9ede<\/strong><\/p>\n\n\n\n<p>\u5f9e\u8fd1\u671f\u8da8\u52e2\u4f86\u770b\uff0cVMware \u6838\u5fc3\u7ba1\u7406\u5143\u4ef6\u5df2\u660e\u78ba\u6210\u70ba\u570b\u5bb6\u7d1a\u8207\u9032\u968e\u5a01\u8105\u884c\u70ba\u8005\u7684\u91cd\u9ede\u653b\u64ca\u76ee\u6a19\u3002<\/p>\n\n\n\n<p>\u5c0d\u4f01\u696d\u8207\u95dc\u9375\u57fa\u790e\u8a2d\u65bd\u800c\u8a00\uff0cvCenter Server \u4e0d\u518d\u53ea\u662f IT \u7ba1\u7406\u5de5\u5177\uff0c\u800c\u662f\u9ad8\u98a8\u96aa\u3001\u5fc5\u9808\u88ab\u7d0d\u5165\u95dc\u9375\u8cc7\u7522\u9632\u8b77\u8207\u5f31\u9ede\u5373\u6642\u4fee\u88dc\u6d41\u7a0b\u7684\u6838\u5fc3\u7cfb\u7d71\u3002<\/p>\n\n\n\n<p>\u5ef6\u9072\u4fee\u88dc\uff0c\u7b49\u540c\u5c07\u6574\u500b\u865b\u64ec\u5316\u74b0\u5883\u66b4\u9732\u5728\u53ef\u88ab\u9060\u7aef\u5168\u9762\u63a5\u7ba1\u7684\u98a8\u96aa\u4e4b\u4e2d\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u7f8e\u570b\u7db2\u8def\u5b89\u5168\u66a8\u57fa\u790e\u8a2d\u65bd\u5b89\u5168\u5c40\uff08CISA\uff09\u8fd1\u65e5\u6b63\u5f0f\u8b66\u544a\uff0c\u4e00\u9805\u5f71\u97ff VMware vCenter Server \u7684 <a class=\"read-more\" href=\"https:\/\/blog.billows.com.tw\/?p=4143\">READ MORE<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[191,174],"class_list":["post-4143","post","type-post","status-publish","format-standard","hentry","category-6","tag-cisa","tag-news"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/4143","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4143"}],"version-history":[{"count":2,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/4143\/revisions"}],"predecessor-version":[{"id":4148,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/4143\/revisions\/4148"}],"wp:attachment":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4143"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4143"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4143"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}