ÐÅÏ¢Çå¾²Öܱ¨-2020ÄêµÚ31ÖÜ

Ðû²¼Ê±¼ä 2020-08-04

> ±¾ÖÜÇ徲̬ÊÆ×ÛÊö


2020Äê07ÔÂ27ÈÕÖÁ08ÔÂ02ÈÕ¹²ÊÕ¼Çå¾²Îó²î72¸ö£¬£¬£¬£¬£¬ÖµµÃ¹Ø×¢µÄÊÇCisco SD-WAN Solution Software»º³åÇøÒç³öÎó²î£»£»£» £»£»Grandstream HT800 series OSÏÂÁî×¢ÈëÎó²î£»£»£» £»£»Ruckus Networks Unleashed C110 emfd/libemfÏÂÁî×¢ÈëÎó²î£»£»£» £»£»NETGEAR R6700 httpd strtblupgrade¶Ñ»º³åÇøÒç³öÎó²î; Softing Industrial Automation OPC »º³åÇøÒç³öÎó²î¡£ ¡£¡£¡£¡£¡£


±¾ÖÜÖµµÃ¹Ø×¢µÄÍøÂçÇå¾²ÊÂÎñÊǺڿÍʹÓõç×ÓÒøÐÐDaveÖÐÎó²î£¬£¬£¬£¬£¬ÇÔÈ¡750ÍòÓû§Êý¾Ý£»£»£» £»£»Òò»ù´¡¼Ü¹¹ÉèÖùýʧ£¬£¬£¬£¬£¬Î¢ÈíºÍAdobeµÈ¹«Ë¾Ô­´úÂëй¶£»£»£» £»£»ºÚ¿ÍÔÚ°µÍø¹ûÕæÒÔÉ«ÁÐÊÓƵ¹«Ë¾Promo 2200ÍòÓû§¼Í¼£»£»£» £»£»AdobeÐû²¼Çå¾²¸üУ¬£¬£¬£¬£¬ÐÞ¸´MagentoÖÐÁ½¸ö´úÂëÖ´ÐÐÎó²î£»£»£» £»£»GRUB2ÖÐÎó²îBootHoleÓ°ÏìÊýÊ®ÒÚWindowsºÍLinux×°±¸¡£ ¡£¡£¡£¡£¡£


ƾ֤ÒÔÉÏ×ÛÊö£¬£¬£¬£¬£¬±¾ÖÜÇå¾²ÍþвΪÖС£ ¡£¡£¡£¡£¡£



>Ö÷ÒªÇå¾²Îó²îÁбí


1.Cisco SD-WAN Solution Software»º³åÇøÒç³öÎó²î


Cisco SD-WAN Solution Software±£´æ»º³åÇøÒç³öÎó²î£¬£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬£¬¿ÉʹӦÓóÌÐòÍ߽⻣»£» £»£»òÒÔROOTÉÏÏÂÎÄÖ´ÐÐí§Òâ´úÂë¡£ ¡£¡£¡£¡£¡£

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdbufof-h5f5VSeL


2. Grandstream HT800 series OSÏÂÁî×¢ÈëÎó²î


Grandstream HT800 series±£´æÇå¾²Îó²î£¬£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬£¬¿É½¨ÉèÉèÖÃÎļþ²¢·¢ËÍÌØÊâµÄSIPÐÂÎÅÒÔROOTȨÏÞÖ´ÐÐí§ÒâÏÂÁî¡£ ¡£¡£¡£¡£¡£

https://www.tenable.com/security/research/tra-2020-47


3. Ruckus Networks Unleashed C110 emfd/libemfÏÂÁî×¢ÈëÎó²î


Ruckus Networks Unleashed C110 emfd/libemf±£´æÊäÈëÑéÖ¤Îó²î£¬£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬£¬¿É×¢Èëí§ÒâÏÂÁî²¢Ö´ÐС£ ¡£¡£¡£¡£¡£

https://support.ruckuswireless.com/security_bulletins/304


4. NETGEAR R6700 httpd strtblupgrade¶Ñ»º³åÇøÒç³öÎó²î


NETGEAR R6700 httpd strtblupgrade´¦Öóͷ£±£´æ¶ÑÒç³öÎó²î£¬£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬£¬¿ÉʹӦÓóÌÐòÍ߽⻣»£» £»£»ò¿ÉÒÔÓ¦ÓóÌÐòÉÏÏÂÎÄÖ´ÐÐí§Òâ´úÂë¡£ ¡£¡£¡£¡£¡£

https://www.zerodayinitiative.com/advisories/ZDI-20-708/


5. Softing Industrial Automation OPC »º³åÇøÒç³öÎó²î


Softing Industrial Automation OPC±£´æ»ùÓڶѵĻº³åÇøÒç³öÎó²î£¬£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬£¬¿ÉʹӦÓóÌÐòÍ߽⻣»£» £»£»ò¿ÉÒÔÓ¦ÓóÌÐòÉÏÏÂÎÄÖ´ÐÐí§Òâ´úÂë¡£ ¡£¡£¡£¡£¡£

https://us-cert.cisa.gov/ics/advisories/icsa-20-210-02



> Ö÷ÒªÇå¾²ÊÂÎñ×ÛÊö


1¡¢ºÚ¿ÍʹÓõç×ÓÒøÐÐDaveÖÐÎó²î£¬£¬£¬£¬£¬ÇÔÈ¡750ÍòÓû§Êý¾Ý


c7c7ÓéÀÖƽ̨(ÖйúÓÎ)µÇ¼¹ÙÍøÈë¿Ú


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/tech-unicorn-dave-admits-to-security-breach-impacting-7-5-million-users/#ftag=RSSbaffb68


2¡¢Òò»ù´¡¼Ü¹¹ÉèÖùýʧ£¬£¬£¬£¬£¬Î¢ÈíºÍAdobeµÈ¹«Ë¾Ô­´úÂëй¶


c7c7ÓéÀÖƽ̨(ÖйúÓÎ)µÇ¼¹ÙÍøÈë¿Ú


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/source-code-from-dozens-of-companies-leaked-online/


3¡¢ºÚ¿ÍÔÚ°µÍø¹ûÕæÒÔÉ«ÁÐÊÓƵ¹«Ë¾Promo 2200ÍòÓû§¼Í¼


c7c7ÓéÀÖƽ̨(ÖйúÓÎ)µÇ¼¹ÙÍøÈë¿Ú


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/promocom-discloses-data-breach-after-22m-user-records-leaked-online/


4¡¢AdobeÐû²¼Çå¾²¸üУ¬£¬£¬£¬£¬ÐÞ¸´MagentoÖÐÁ½¸ö´úÂëÖ´ÐÐÎó²î


c7c7ÓéÀÖƽ̨(ÖйúÓÎ)µÇ¼¹ÙÍøÈë¿Ú


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/magento-gets-security-updates-for-severe-code-execution-bugs/    


5¡¢GRUB2ÖÐÎó²îBootHoleÓ°ÏìÊýÊ®ÒÚWindowsºÍLinux×°±¸


c7c7ÓéÀÖƽ̨(ÖйúÓÎ)µÇ¼¹ÙÍøÈë¿Ú


Ô­ÎÄÁ´½Ó£º

https://threatpost.com/billions-of-devices-impacted-secure-boot-bypass/157843/