ÐÅÏ¢Çå¾²Öܱ¨-2020ÄêµÚ28ÖÜ

Ðû²¼Ê±¼ä 2020-07-14

> ±¾ÖÜÇ徲̬ÊÆ×ÛÊö


2020Äê07ÔÂ06ÈÕÖÁ07ÔÂ12ÈÕ¹²ÊÕ¼Çå¾²Îó²î65¸ö£¬£¬£¬£¬ £¬ÖµµÃ¹Ø×¢µÄÊÇMobileIron CoreÉí·ÝÑéÖ¤ÈƹýÎó²î; RIOT base64½âÂëÆ÷»º³åÇøÒç³öÎó²î£»£»£»C-MORE HMI EA9ÑéÖ¤ÈƹýÎó²î£»£»£»Citrix Systems Citrix Application Delivery ControllerÊÚȨÈƹýÎó²î£»£»£»Google Kubernetes martian´úÂë×¢ÈëÎó²î¡£¡£¡£¡£¡£ ¡£


±¾ÖÜÖµµÃ¹Ø×¢µÄÍøÂçÇå¾²ÊÂÎñÊÇF5 BIG-IPÎó²îCVE-2020-5902ÒÑÔ⵽ʹÓ㬣¬£¬£¬ £¬½¨ÒéÓû§¾¡¿ìÉý¼¶£»£»£»ÃÀ¹úÌØÇÚ¾ÖÖÒÑÔ£¬£¬£¬£¬ £¬Õë¶ÔÍйÜЧÀÍÌṩÉÌ£¨MSP£©µÄ¹¥»÷Ôö¶à£»£»£»CDATA OLTÖб£´æ¶à¸ö0day£¬£¬£¬£¬ £¬¿Éͨ¹ýtelnet»á¼ûºóÃÅ£»£»£»CISAÐû²¼ICS 5ÄêÕ½ÂÔ¡¶È·±£¹¤ÒµÏµÍ³Çå¾²£ºÍ³Ò»ÍýÏë¡·£»£»£»ACROSÅû¶ZoomµÄWindows¿Í»§¶ËÖÐ0day£¬£¬£¬£¬ £¬¿ÉÖ´ÐÐí§Òâ´úÂë¡£¡£¡£¡£¡£ ¡£


ƾ֤ÒÔÉÏ×ÛÊö£¬£¬£¬£¬ £¬±¾ÖÜÇå¾²ÍþвΪÖС£¡£¡£¡£¡£ ¡£



>Ö÷ÒªÇå¾²Îó²îÁбí


1.MobileIron CoreÉí·ÝÑéÖ¤ÈƹýÎó²î


MobileIron Core±£´æÑéÖ¤ÈƹýÇå¾²Îó²î£¬£¬£¬£¬ £¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬ £¬¿ÉÈƹýÇå¾²»úÖÆδÊÚȨ»á¼û¡£¡£¡£¡£¡£ ¡£

https://www.mobileiron.com/en/blog/mobileiron-security-updates-available


2. RIOT base64½âÂëÆ÷»º³åÇøÒç³öÎó²î


RIOTbase64½âÂëÆ÷base64_decode()±£´æ»º³åÇøÒç³öÎó²î£¬£¬£¬£¬ £¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬ £¬¿ÉʹӦÓóÌÐò±ÀÀ£»£»£»òÖ´ÐÐí§Òâ´úÂë¡£¡£¡£¡£¡£ ¡£

https://github.com/RIOT-OS/RIOT/pull/14400


3. C-MORE HMI EA9ÑéÖ¤ÈƹýÎó²î


C-MORE HMI EA9±£´æÑéÖ¤Èƹý£¬£¬£¬£¬ £¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬ £¬¿ÉδÊÚȨ»á¼û¡£¡£¡£¡£¡£ ¡£

https://www.zerodayinitiative.com/advisories/ZDI-20-805/


4. Citrix Systems Citrix Application Delivery ControllerÊÚȨÈƹýÎó²î


Citrix Systems Citrix Application Delivery Controller±£´æÇå¾²Îó²î£¬£¬£¬£¬ £¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬ £¬¿ÉÈƹýÇå¾²ÏÞÖÆ£¬£¬£¬£¬ £¬Î´ÊÚȨ»á¼û¡£¡£¡£¡£¡£ ¡£

https://support.citrix.com/article/CTX276688


5. Google Kubernetes martian´úÂë×¢ÈëÎó²î


GoogleKubernetes±£´æ´úÂë×¢ÈëÎó²î£¬£¬£¬£¬ £¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬ £¬¿É»ñȡȨÏÞ»ò»á¼û¼àÌýµ±ÌïÖ÷»ú¶Ë¿ÚµÄí§ÒâЧÀ͵ÄÃô¸ÐÐÅÏ¢¡£¡£¡£¡£¡£ ¡£

https://access.redhat.com/security/cve/cve-2020-8558



> Ö÷ÒªÇå¾²ÊÂÎñ×ÛÊö


1¡¢F5 BIG-IPÎó²îCVE-2020-5902ÒÑÔ⵽ʹÓ㬣¬£¬£¬ £¬½¨ÒéÓû§¾¡¿ìÉý¼¶


c7c7ÓéÀÖƽ̨(ÖйúÓÎ)µÇ¼¹ÙÍøÈë¿Ú


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/hackers-are-trying-to-steal-admin-passwords-from-f5-big-ip-devices/


2¡¢ÃÀ¹úÌØÇÚ¾ÖÖÒÑÔ£¬£¬£¬£¬ £¬Õë¶ÔÍйÜЧÀÍÌṩÉÌ£¨MSP£©µÄ¹¥»÷Ôö¶à


c7c7ÓéÀÖƽ̨(ÖйúÓÎ)µÇ¼¹ÙÍøÈë¿Ú


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/us-secret-service-reports-an-increase-in-hacked-managed-service-providers-msps/#ftag=RSSbaffb68  


3¡¢CDATA OLTÖб£´æ¶à¸ö0day£¬£¬£¬£¬ £¬¿Éͨ¹ýtelnet»á¼ûºóÃÅ


c7c7ÓéÀÖƽ̨(ÖйúÓÎ)µÇ¼¹ÙÍøÈë¿Ú


Ô­ÎÄÁ´½Ó£º

https://pierrekim.github.io/blog/2020-07-07-cdata-olt-0day-vulnerabilities.html


4¡¢CISAÐû²¼ICS 5ÄêÕ½ÂÔ¡¶È·±£¹¤ÒµÏµÍ³Çå¾²£ºÍ³Ò»ÍýÏë¡·


c7c7ÓéÀÖƽ̨(ÖйúÓÎ)µÇ¼¹ÙÍøÈë¿Ú


Ô­ÎÄÁ´½Ó£º

https://us-cert.cisa.gov/ncas/current-activity/2020/07/07/cisa-releases-securing-industrial-control-systems-unified


5¡¢ACROSÅû¶ZoomµÄWindows¿Í»§¶ËÖÐ0day£¬£¬£¬£¬ £¬¿ÉÖ´ÐÐí§Òâ´úÂë


c7c7ÓéÀÖƽ̨(ÖйúÓÎ)µÇ¼¹ÙÍøÈë¿Ú


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/zoom-working-on-patching-zero-day-disclosed-in-its-windows-client/#ftag=RSSbaffb68