ÐÅÏ¢°²È«Öܱ¨-2020ÄêµÚ28ÖÜ

°ä²¼¹¦·ò 2020-07-14

> ±¾ÖÜ°²È«Ì¬ÊÆ×ÛÊö


2020Äê07ÔÂ06ÈÕÖÁ07ÔÂ12ÈÕ¹²ÊÕ¼°²È«·ì϶65¸ö£¬ÖµµÃ¹Ø×¢µÄÊÇMobileIron CoreÉí·ÝÑéÖ¤Èƹý·ì϶; RIOT base64½âÂëÆ÷»º³åÇøÒç¶Âí½Å£»C-MORE HMI EA9ÑéÖ¤Èƹý·ì϶£»Citrix Systems Citrix Application Delivery ControllerÊÚȨÈƹý·ì϶£»Google Kubernetes martian´úÂë×¢Èë·ì϶ ¡£


±¾ÖÜÖµµÃ¹Ø×¢µÄÍøÂ簲ȫÊÂÎñÊÇF5 BIG-IP·ì϶CVE-2020-5902ÒÑÔâµ½ÀûÓ㬽¨ÒéÓû§¾¡¿ìÉý¼¶£»ÃÀ¹úÌØÇÚ¾ÖÖҸ棬Õë¶ÔÍйܷþÎñÌṩÉÌ£¨MSP£©µÄ¹¥»÷Ôö¶à£»CDATA OLTÖдæÔÚ¶à¸ö0day£¬¿Éͨ¹ýtelnet½Ó¼ûºóÃÅ£»CISA°ä²¼ICS 5ÄêÕ½Êõ¡¶È·±£¹¤ÒµÏµÍ³°²È«£ºÍ³Ò»´òËã¡·£»ACROSÅû¶ZoomµÄWindows¿Í»§¶ËÖÐ0day£¬¿ÉÖ´ÐÐËÁÒâ´úÂë ¡£


ƾ¾ÝÒÔÉÏ×ÛÊö£¬±¾ÖÜ°²È«ÍþвΪÖÐ ¡£



>³ÁÒª°²È«·ì϶Áбí


1.MobileIron CoreÉí·ÝÑéÖ¤Èƹý·ì϶


MobileIron Core´æÔÚÑéÖ¤Èƹý°²È«·ì϶£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÀûÓ÷ì϶Ìá½»ÌØÊâµÄÒªÇ󣬿ÉÈƹý°²È«»úÔìδÊÚȨ½Ó¼û ¡£

https://www.mobileiron.com/en/blog/mobileiron-security-updates-available


2. RIOT base64½âÂëÆ÷»º³åÇøÒç¶Âí½Å


RIOTbase64½âÂëÆ÷base64_decode()´æÔÚ»º³åÇøÒç¶Âí½Å£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÄܹ»ÀûÓ÷ì϶Ìá½»ÌØÊâµÄÒªÇ󣬿ÉʹÀûÓ÷¨Ê½±ÀÀ£»òÖ´ÐÐËÁÒâ´úÂë ¡£

https://github.com/RIOT-OS/RIOT/pull/14400


3. C-MORE HMI EA9ÑéÖ¤Èƹý·ì϶


C-MORE HMI EA9´æÔÚÑéÖ¤Èƹý£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÄܹ»ÀûÓ÷ì϶Ìá½»ÌØÊâµÄÒªÇ󣬿ÉδÊÚȨ½Ó¼û ¡£

https://www.zerodayinitiative.com/advisories/ZDI-20-805/


4. Citrix Systems Citrix Application Delivery ControllerÊÚȨÈƹý·ì϶


Citrix Systems Citrix Application Delivery Controller´æÔÚ°²È«·ì϶£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÀûÓ÷ì϶Ìá½»ÌØÊâµÄÒªÇ󣬿ÉÈƹý°²È«Ï޶ȣ¬Î´ÊÚȨ½Ó¼û ¡£

https://support.citrix.com/article/CTX276688


5. Google Kubernetes martian´úÂë×¢Èë·ì϶


GoogleKubernetes´æÔÚ´úÂë×¢Èë·ì϶£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÄܹ»ÀûÓ÷ì϶Ìá½»ÌØÊâµÄÒªÇ󣬿ɻñȡȨÏÞ»ò½Ó¼û¼àÌý±¾µØÖ÷»ú¶Ë¿ÚµÄËÁÒâ·þÎñµÄÃô¸ÐÐÅÏ¢ ¡£

https://access.redhat.com/security/cve/cve-2020-8558



> ³ÁÒª°²È«ÊÂÎñ×ÛÊö


1¡¢F5 BIG-IP·ì϶CVE-2020-5902ÒÑÔâµ½ÀûÓ㬽¨ÒéÓû§¾¡¿ìÉý¼¶


±¦ÔËÀ³¡¤(ÖйúÇø)×îйٷ½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/hackers-are-trying-to-steal-admin-passwords-from-f5-big-ip-devices/


2¡¢ÃÀ¹úÌØÇÚ¾ÖÖҸ棬Õë¶ÔÍйܷþÎñÌṩÉÌ£¨MSP£©µÄ¹¥»÷Ôö¶à


±¦ÔËÀ³¡¤(ÖйúÇø)×îйٷ½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/us-secret-service-reports-an-increase-in-hacked-managed-service-providers-msps/#ftag=RSSbaffb68  


3¡¢CDATA OLTÖдæÔÚ¶à¸ö0day£¬¿Éͨ¹ýtelnet½Ó¼ûºóÃÅ


±¦ÔËÀ³¡¤(ÖйúÇø)×îйٷ½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://pierrekim.github.io/blog/2020-07-07-cdata-olt-0day-vulnerabilities.html


4¡¢CISA°ä²¼ICS 5ÄêÕ½Êõ¡¶È·±£¹¤ÒµÏµÍ³°²È«£ºÍ³Ò»´òËã¡·


±¦ÔËÀ³¡¤(ÖйúÇø)×îйٷ½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://us-cert.cisa.gov/ncas/current-activity/2020/07/07/cisa-releases-securing-industrial-control-systems-unified


5¡¢ACROSÅû¶ZoomµÄWindows¿Í»§¶ËÖÐ0day£¬¿ÉÖ´ÐÐËÁÒâ´úÂë


±¦ÔËÀ³¡¤(ÖйúÇø)×îйٷ½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/zoom-working-on-patching-zero-day-disclosed-in-its-windows-client/#ftag=RSSbaffb68