ÐÅÏ¢Çå¾²Öܱ¨-2020ÄêµÚ28ÖÜ

Ðû²¼Ê±¼ä 2020-07-14

> ±¾ÖÜÇ徲̬ÊÆ×ÛÊö


2020Äê07ÔÂ06ÈÕÖÁ07ÔÂ12ÈÕ¹²ÊÕ¼Çå¾²Îó²î65¸ö£¬ÖµµÃ¹Ø×¢µÄÊÇMobileIron CoreÉí·ÝÑéÖ¤ÈƹýÎó²î; RIOT base64½âÂëÆ÷»º³åÇøÒç³öÎó²î £»C-MORE HMI EA9ÑéÖ¤ÈƹýÎó²î £»Citrix Systems Citrix Application Delivery ControllerÊÚȨÈƹýÎó²î £»Google Kubernetes martian´úÂë×¢ÈëÎó²î ¡£


±¾ÖÜÖµµÃ¹Ø×¢µÄÍøÂçÇå¾²ÊÂÎñÊÇF5 BIG-IPÎó²îCVE-2020-5902ÒÑÔ⵽ʹÓ㬽¨ÒéÓû§¾¡¿ìÉý¼¶ £»ÃÀ¹úÌØÇÚ¾ÖÖÒÑÔ£¬Õë¶ÔÍйܷþÎñÌṩÉÌ£¨MSP£©µÄ¹¥»÷Ôö¶à £»CDATA OLTÖб£´æ¶à¸ö0day£¬¿Éͨ¹ýtelnet»á¼ûºóÃÅ £»CISAÐû²¼ICS 5ÄêÕ½ÂÔ¡¶È·±£¹¤ÒµÏµÍ³Çå¾²£ºÍ³Ò»ÍýÏë¡· £»ACROSÅû¶ZoomµÄWindows¿Í»§¶ËÖÐ0day£¬¿ÉÖ´ÐÐí§Òâ´úÂë ¡£


ƾ֤ÒÔÉÏ×ÛÊö£¬±¾ÖÜÇå¾²ÍþвΪÖÐ ¡£



>Ö÷ÒªÇå¾²Îó²îÁбí


1.MobileIron CoreÉí·ÝÑéÖ¤ÈƹýÎó²î


MobileIron Core±£´æÑéÖ¤ÈƹýÇå¾²Îó²î£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬿ÉÈƹýÇå¾²»úÖÆδÊÚȨ»á¼û ¡£

https://www.mobileiron.com/en/blog/mobileiron-security-updates-available


2. RIOT base64½âÂëÆ÷»º³åÇøÒç³öÎó²î


RIOTbase64½âÂëÆ÷base64_decode()±£´æ»º³åÇøÒç³öÎó²î£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬿ÉʹӦÓóÌÐò±ÀÀ £»òÖ´ÐÐí§Òâ´úÂë ¡£

https://github.com/RIOT-OS/RIOT/pull/14400


3. C-MORE HMI EA9ÑéÖ¤ÈƹýÎó²î


C-MORE HMI EA9±£´æÑéÖ¤Èƹý£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬿ÉδÊÚȨ»á¼û ¡£

https://www.zerodayinitiative.com/advisories/ZDI-20-805/


4. Citrix Systems Citrix Application Delivery ControllerÊÚȨÈƹýÎó²î


Citrix Systems Citrix Application Delivery Controller±£´æÇå¾²Îó²î£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬿ÉÈƹýÇå¾²ÏÞÖÆ£¬Î´ÊÚȨ»á¼û ¡£

https://support.citrix.com/article/CTX276688


5. Google Kubernetes martian´úÂë×¢ÈëÎó²î


GoogleKubernetes±£´æ´úÂë×¢ÈëÎó²î£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬿ɻñȡȨÏÞ»ò»á¼û¼àÌýµ±ÌïÖ÷»ú¶Ë¿ÚµÄí§Òâ·þÎñµÄÃô¸ÐÐÅÏ¢ ¡£

https://access.redhat.com/security/cve/cve-2020-8558



> Ö÷ÒªÇå¾²ÊÂÎñ×ÛÊö


1¡¢F5 BIG-IPÎó²îCVE-2020-5902ÒÑÔ⵽ʹÓ㬽¨ÒéÓû§¾¡¿ìÉý¼¶


ÓÅ·¢¹ú¼Ê¡¤ËæÓŶø¶¯Ò»´¥¼´·¢


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/hackers-are-trying-to-steal-admin-passwords-from-f5-big-ip-devices/


2¡¢ÃÀ¹úÌØÇÚ¾ÖÖÒÑÔ£¬Õë¶ÔÍйܷþÎñÌṩÉÌ£¨MSP£©µÄ¹¥»÷Ôö¶à


ÓÅ·¢¹ú¼Ê¡¤ËæÓŶø¶¯Ò»´¥¼´·¢


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/us-secret-service-reports-an-increase-in-hacked-managed-service-providers-msps/#ftag=RSSbaffb68  


3¡¢CDATA OLTÖб£´æ¶à¸ö0day£¬¿Éͨ¹ýtelnet»á¼ûºóÃÅ


ÓÅ·¢¹ú¼Ê¡¤ËæÓŶø¶¯Ò»´¥¼´·¢


Ô­ÎÄÁ´½Ó£º

https://pierrekim.github.io/blog/2020-07-07-cdata-olt-0day-vulnerabilities.html


4¡¢CISAÐû²¼ICS 5ÄêÕ½ÂÔ¡¶È·±£¹¤ÒµÏµÍ³Çå¾²£ºÍ³Ò»ÍýÏë¡·


ÓÅ·¢¹ú¼Ê¡¤ËæÓŶø¶¯Ò»´¥¼´·¢


Ô­ÎÄÁ´½Ó£º

https://us-cert.cisa.gov/ncas/current-activity/2020/07/07/cisa-releases-securing-industrial-control-systems-unified


5¡¢ACROSÅû¶ZoomµÄWindows¿Í»§¶ËÖÐ0day£¬¿ÉÖ´ÐÐí§Òâ´úÂë


ÓÅ·¢¹ú¼Ê¡¤ËæÓŶø¶¯Ò»´¥¼´·¢


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/zoom-working-on-patching-zero-day-disclosed-in-its-windows-client/#ftag=RSSbaffb68