ÐÅÏ¢°²È«Öܱ¨-2020ÄêµÚ30ÖÜ

°ä²¼¹¦·ò 2020-07-27

> ±¾ÖÜ°²È«Ì¬ÊÆ×ÛÊö


2020Äê07ÔÂ20ÈÕÖÁ07ÔÂ26ÈÕ¹²ÊÕ¼°²È«·ì϶57¸ö £¬ÖµµÃ¹Ø×¢µÄÊÇTenda AC15 AC1900ËÁÒâºÅÁîÖ´Ðзì϶£»Tesla Model 3δÊÚȨ´ò¿ª³µÃÅ·ì϶£»Phoenix Contact PLCnext Engineer CVE-2020-12499õ辶±éÀú·ì϶£»Adobe Photoshop CC CVE-2020-9687Ô½½çд·ì϶; HPE nagios plugin for iLO PHP´úÂë×¢Èë·ì϶¡£


±¾ÖÜÖµµÃ¹Ø×¢µÄÍøÂ簲ȫÊÂÎñÊÇMozilla°ä²¼À×Äñ°²È«¸üР£¬½¨¸´¶à¸öÑϳÁµÄ·ì϶£»AvertX IPϵÁÐÉãÏñÍ·´æÔÚ3¸ö·ì϶ £¬¿É±»ÀûÓÃÌáÒ鱩Á¦¹¥»÷£»Adobe°ä²¼´¹Î£°²È«¸üР£¬½¨¸´¶à¿î²úÆ·ÖÐËÁÒâ´úÂëÖ´Ðзì϶£»ºÚ¿ÍÀûÓÃGoogleÔÆÌáÒé´¹µö¹¥»÷ £¬ÇÔÈ¡Office 365ƾ֤£»Ë¼¿Æ°ä²¼°²È«¸üР£¬½¨¸´ASAºÍFTDÖеÄõ辶±éÀú·ì϶¡£


ƾ¾ÝÒÔÉÏ×ÛÊö £¬±¾ÖÜ°²È«ÍþвΪÖС£



>³ÁÒª°²È«·ì϶Áбí


1.Tenda AC15 AC1900ËÁÒâºÅÁîÖ´Ðзì϶


Tenda AC15 AC1900 goform/AdvSetLanip¶Ëµã´æÔÚ°²È«·ì϶ £¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÄܹ»ÀûÓ÷ì϶Ìá½»ÌØÊâµÄ¡®lanIp POST¡¯²ÎÊýÒªÇó £¬¿ÉÖ´ÐÐËÁÒâϵͳºÅÁî¡£

https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68


2. Tesla Model 3δÊÚȨ´ò¿ª³µÃÅ·ì϶


Tesla Model 3´æÔÚ°²È«·ì϶ £¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÄܹ»ÀûÓ÷ì϶Ìá½»ÌØÊâµÄÒªÇó £¬¿É½èÖúºÏ·¨Ô¿³×¿¨²¢Ö´ÐÐNFCÖм̹¥»÷ÀûÓø÷ì϶´ò¿ª³µÃÅ¡£

https://cansecwest.com/post/2020-03-09-22:00:00_2020_Speakers


3. Phoenix Contact PLCnext Engineer CVE-2020-12499õ辶±éÀú·ì϶


Phoenix Contact PLCnext Engineer´æÔÚÊäÈëÑéÖ¤·ì϶ £¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÀûÓ÷ì϶Ìá½»ÌØÊâµÄÒªÇó £¬¿É½øÐÐĿ¼±éÀú¹¥»÷ £¬¿É»ñÈ¡Web·þÎñÎļþϵͳÄÚµÄËÁÒâÎļþ¡£

https://cert.vde.com/en-us/advisories/vde-2020-025


4. Adobe Photoshop CC CVE-2020-9687Ô½½çд·ì϶


Adobe Photoshop CC´æÔÚÔ½½çд·ì϶ £¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÄܹ»ÀûÓ÷ì϶Ìá½»ÌØÊâµÄÒªÇó £¬¿É½øÐлؾø·þÎñ¹¥»÷»òÕßÒÔÀûÓ÷¨Ê½¸ßµÍÎÄÖ´ÐÐËÁÒâ´úÂë¡£

https://helpx.adobe.com/security/products/photoshop/apsb20-45.html


5. HPE nagios plugin for iLO PHP´úÂë×¢Èë·ì϶


HPE nagios plugin for iLO´æÔÚÊäÈëÑéÖ¤·ì϶ £¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÀûÓ÷ì϶Ìá½»ÌØÊâµÄÒªÇó £¬¿É×¢ÈëËÁÒâPHP´úÂë²¢Ö´ÐС£

https://github.com/HewlettPackard/nagios-plugins-hpilo/commit/7617b2736a95c7f354198f092febe37e7005c677



> ³ÁÒª°²È«ÊÂÎñ×ÛÊö


1¡¢Mozilla°ä²¼À×Äñ°²È«¸üР£¬½¨¸´¶à¸öÑϳÁµÄ·ì϶


±¦ÔËÀ³¡¤(ÖйúÇø)×îйٷ½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://us-cert.cisa.gov/ncas/current-activity/2020/07/17/mozilla-releases-security-update-thunderbird


2¡¢AvertX IPϵÁÐÉãÏñÍ·´æÔÚ3¸ö·ì϶ £¬¿É±»ÀûÓÃÌáÒ鱩Á¦¹¥»÷


±¦ÔËÀ³¡¤(ÖйúÇø)×îйٷ½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://www.ehackingnews.com/2020/07/vulnerabilities-with-avertx-ip-security.html


3¡¢Adobe°ä²¼´¹Î£°²È«¸üР£¬½¨¸´¶à¿î²úÆ·ÖÐËÁÒâ´úÂëÖ´Ðзì϶


±¦ÔËÀ³¡¤(ÖйúÇø)×îйٷ½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/adobe-photoshop-gets-fixes-for-critical-security-vulnerabilities/


4¡¢ºÚ¿ÍÀûÓÃGoogleÔÆÌáÒé´¹µö¹¥»÷ £¬ÇÔÈ¡Office 365ƾ֤


±¦ÔËÀ³¡¤(ÖйúÇø)×îйٷ½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/phishing-campaign-uses-google-cloud-services-to-steal-office-365-logins/    


5¡¢Ë¼¿Æ°ä²¼°²È«¸üР£¬½¨¸´ASAºÍFTDÖеÄõ辶±éÀú·ì϶


±¦ÔËÀ³¡¤(ÖйúÇø)×îйٷ½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://us-cert.cisa.gov/ncas/current-activity/2020/07/23/cisco-releases-security-updates-asa-and-ftd-software