ÐÅÏ¢Çå¾²Öܱ¨-2020ÄêµÚ30ÖÜ

Ðû²¼Ê±¼ä 2020-07-27

> ±¾ÖÜÇ徲̬ÊÆ×ÛÊö


2020Äê07ÔÂ20ÈÕÖÁ07ÔÂ26ÈÕ¹²ÊÕ¼Çå¾²Îó²î57¸ö£¬ÖµµÃ¹Ø×¢µÄÊÇTenda AC15 AC1900í§ÒâÏÂÁîÖ´ÐÐÎó²î£»Tesla Model 3δÊÚȨ·­¿ª³µÃÅÎó²î£»Phoenix Contact PLCnext Engineer CVE-2020-12499·¾¶±éÀúÎó²î£»Adobe Photoshop CC CVE-2020-9687Ô½½çдÎó²î; HPE nagios plugin for iLO PHP´úÂë×¢ÈëÎó²î¡£


±¾ÖÜÖµµÃ¹Ø×¢µÄÍøÂçÇå¾²ÊÂÎñÊÇMozillaÐû²¼À×ÄñÇå¾²¸üУ¬ÐÞ¸´¶à¸öÑÏÖصÄÎó²î£»AvertX IPϵÁÐÉãÏñÍ·±£´æ3¸öÎó²î£¬¿É±»Ê¹ÓÃÌᳫ±©Á¦¹¥»÷£»AdobeÐû²¼½ôÆÈÇå¾²¸üУ¬ÐÞ¸´¶à¿î²úÆ·ÖÐí§Òâ´úÂëÖ´ÐÐÎó²î£»ºÚ¿ÍʹÓÃGoogleÔÆÌᳫ´¹ÂÚ¹¥»÷£¬ÇÔÈ¡Office 365ƾ֤£»Ë¼¿ÆÐû²¼Çå¾²¸üУ¬ÐÞ¸´ASAºÍFTDÖеÄ·¾¶±éÀúÎó²î¡£


ƾ֤ÒÔÉÏ×ÛÊö£¬±¾ÖÜÇå¾²ÍþвΪÖС£



>Ö÷ÒªÇå¾²Îó²îÁбí


1.Tenda AC15 AC1900í§ÒâÏÂÁîÖ´ÐÐÎó²î


Tenda AC15 AC1900 goform/AdvSetLanip¶Ëµã±£´æÇå¾²Îó²î£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄ¡®lanIp POST¡¯²ÎÊýÇëÇ󣬿ÉÖ´ÐÐí§ÒâϵͳÏÂÁî¡£

https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68


2. Tesla Model 3δÊÚȨ·­¿ª³µÃÅÎó²î


Tesla Model 3±£´æÇå¾²Îó²î£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬿ɽèÖúÕýµ±Ô¿³×¿¨²¢ÊµÑéNFCÖм̹¥»÷ʹÓøÃÎó²î·­¿ª³µÃÅ¡£

https://cansecwest.com/post/2020-03-09-22:00:00_2020_Speakers


3. Phoenix Contact PLCnext Engineer CVE-2020-12499·¾¶±éÀúÎó²î


Phoenix Contact PLCnext Engineer±£´æÊäÈëÑéÖ¤Îó²î£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬿ɾÙÐÐĿ¼±éÀú¹¥»÷£¬¿É»ñÈ¡Web·þÎñÎļþϵͳÄÚµÄí§ÒâÎļþ¡£

https://cert.vde.com/en-us/advisories/vde-2020-025


4. Adobe Photoshop CC CVE-2020-9687Ô½½çдÎó²î


Adobe Photoshop CC±£´æÔ½½çдÎó²î£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬿ɾÙÐоܾø·þÎñ¹¥»÷»òÕßÒÔÓ¦ÓóÌÐòÉÏÏÂÎÄÖ´ÐÐí§Òâ´úÂë¡£

https://helpx.adobe.com/security/products/photoshop/apsb20-45.html


5. HPE nagios plugin for iLO PHP´úÂë×¢ÈëÎó²î


HPE nagios plugin for iLO±£´æÊäÈëÑéÖ¤Îó²î£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬿É×¢Èëí§ÒâPHP´úÂë²¢Ö´ÐС£

https://github.com/HewlettPackard/nagios-plugins-hpilo/commit/7617b2736a95c7f354198f092febe37e7005c677



> Ö÷ÒªÇå¾²ÊÂÎñ×ÛÊö


1¡¢MozillaÐû²¼À×ÄñÇå¾²¸üУ¬ÐÞ¸´¶à¸öÑÏÖصÄÎó²î


ÓÅ·¢¹ú¼Ê¡¤ËæÓŶø¶¯Ò»´¥¼´·¢


Ô­ÎÄÁ´½Ó£º

https://us-cert.cisa.gov/ncas/current-activity/2020/07/17/mozilla-releases-security-update-thunderbird


2¡¢AvertX IPϵÁÐÉãÏñÍ·±£´æ3¸öÎó²î£¬¿É±»Ê¹ÓÃÌᳫ±©Á¦¹¥»÷


ÓÅ·¢¹ú¼Ê¡¤ËæÓŶø¶¯Ò»´¥¼´·¢


Ô­ÎÄÁ´½Ó£º

https://www.ehackingnews.com/2020/07/vulnerabilities-with-avertx-ip-security.html


3¡¢AdobeÐû²¼½ôÆÈÇå¾²¸üУ¬ÐÞ¸´¶à¿î²úÆ·ÖÐí§Òâ´úÂëÖ´ÐÐÎó²î


ÓÅ·¢¹ú¼Ê¡¤ËæÓŶø¶¯Ò»´¥¼´·¢


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/adobe-photoshop-gets-fixes-for-critical-security-vulnerabilities/


4¡¢ºÚ¿ÍʹÓÃGoogleÔÆÌᳫ´¹ÂÚ¹¥»÷£¬ÇÔÈ¡Office 365ƾ֤


ÓÅ·¢¹ú¼Ê¡¤ËæÓŶø¶¯Ò»´¥¼´·¢


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/phishing-campaign-uses-google-cloud-services-to-steal-office-365-logins/    


5¡¢Ë¼¿ÆÐû²¼Çå¾²¸üУ¬ÐÞ¸´ASAºÍFTDÖеÄ·¾¶±éÀúÎó²î


ÓÅ·¢¹ú¼Ê¡¤ËæÓŶø¶¯Ò»´¥¼´·¢


Ô­ÎÄÁ´½Ó£º

https://us-cert.cisa.gov/ncas/current-activity/2020/07/23/cisco-releases-security-updates-asa-and-ftd-software