ÐÅÏ¢°²È«Öܱ¨-2020ÄêµÚ28ÖÜ

°ä²¼¹¦·ò 2020-07-14

> ±¾ÖÜ°²È«Ì¬ÊÆ×ÛÊö


2020Äê07ÔÂ06ÈÕÖÁ07ÔÂ12ÈÕ¹²ÊÕ¼°²È«·ì϶65¸ö £¬ÖµµÃ¹Ø×¢µÄÊÇMobileIron CoreÉí·ÝÑéÖ¤Èƹý·ì϶; RIOT base64½âÂëÆ÷»º³åÇøÒç¶Âí½Å £»C-MORE HMI EA9ÑéÖ¤Èƹý·ì϶ £»Citrix Systems Citrix Application Delivery ControllerÊÚȨÈƹý·ì϶ £»Google Kubernetes martian´úÂë×¢Èë·ì϶¡£


±¾ÖÜÖµµÃ¹Ø×¢µÄÍøÂ簲ȫÊÂÎñÊÇF5 BIG-IP·ì϶CVE-2020-5902ÒÑÔâµ½ÀûÓà £¬½¨ÒéÓû§¾¡¿ìÉý¼¶ £»ÃÀ¹úÌØÇÚ¾ÖÖÒ¸æ £¬Õë¶ÔÍйܷþÎñÌṩÉÌ£¨MSP£©µÄ¹¥»÷Ôö¶à £»CDATA OLTÖдæÔÚ¶à¸ö0day £¬¿Éͨ¹ýtelnet½Ó¼ûºóÃÅ £»CISA°ä²¼ICS 5ÄêÕ½Êõ¡¶È·±£¹¤ÒµÏµÍ³°²È«£ºÍ³Ò»´òËã¡· £»ACROSÅû¶ZoomµÄWindows¿Í»§¶ËÖÐ0day £¬¿ÉÖ´ÐÐËÁÒâ´úÂë¡£


ƾ¾ÝÒÔÉÏ×ÛÊö £¬±¾ÖÜ°²È«ÍþвΪÖС£



>³ÁÒª°²È«·ì϶Áбí


1.MobileIron CoreÉí·ÝÑéÖ¤Èƹý·ì϶


MobileIron Core´æÔÚÑéÖ¤Èƹý°²È«·ì϶ £¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÀûÓ÷ì϶Ìá½»ÌØÊâµÄÒªÇó £¬¿ÉÈƹý°²È«»úÔìδÊÚȨ½Ó¼û¡£

https://www.mobileiron.com/en/blog/mobileiron-security-updates-available


2. RIOT base64½âÂëÆ÷»º³åÇøÒç¶Âí½Å


RIOTbase64½âÂëÆ÷base64_decode()´æÔÚ»º³åÇøÒç¶Âí½Å £¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÄܹ»ÀûÓ÷ì϶Ìá½»ÌØÊâµÄÒªÇó £¬¿ÉʹÀûÓ÷¨Ê½±ÀÀ £»òÖ´ÐÐËÁÒâ´úÂë¡£

https://github.com/RIOT-OS/RIOT/pull/14400


3. C-MORE HMI EA9ÑéÖ¤Èƹý·ì϶


C-MORE HMI EA9´æÔÚÑéÖ¤Èƹý £¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÄܹ»ÀûÓ÷ì϶Ìá½»ÌØÊâµÄÒªÇó £¬¿ÉδÊÚȨ½Ó¼û¡£

https://www.zerodayinitiative.com/advisories/ZDI-20-805/


4. Citrix Systems Citrix Application Delivery ControllerÊÚȨÈƹý·ì϶


Citrix Systems Citrix Application Delivery Controller´æÔÚ°²È«·ì϶ £¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÀûÓ÷ì϶Ìá½»ÌØÊâµÄÒªÇó £¬¿ÉÈƹý°²È«ÏÞ¶È £¬Î´ÊÚȨ½Ó¼û¡£

https://support.citrix.com/article/CTX276688


5. Google Kubernetes martian´úÂë×¢Èë·ì϶


GoogleKubernetes´æÔÚ´úÂë×¢Èë·ì϶ £¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÄܹ»ÀûÓ÷ì϶Ìá½»ÌØÊâµÄÒªÇó £¬¿É»ñȡȨÏÞ»ò½Ó¼û¼àÌý±¾µØÖ÷»ú¶Ë¿ÚµÄËÁÒâ·þÎñµÄÃô¸ÐÐÅÏ¢¡£

https://access.redhat.com/security/cve/cve-2020-8558



> ³ÁÒª°²È«ÊÂÎñ×ÛÊö


1¡¢F5 BIG-IP·ì϶CVE-2020-5902ÒÑÔâµ½ÀûÓà £¬½¨ÒéÓû§¾¡¿ìÉý¼¶


GA»Æ½ð¼×¡¤(ÖйúÇø)¹Ù·½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/hackers-are-trying-to-steal-admin-passwords-from-f5-big-ip-devices/


2¡¢ÃÀ¹úÌØÇÚ¾ÖÖÒ¸æ £¬Õë¶ÔÍйܷþÎñÌṩÉÌ£¨MSP£©µÄ¹¥»÷Ôö¶à


GA»Æ½ð¼×¡¤(ÖйúÇø)¹Ù·½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/us-secret-service-reports-an-increase-in-hacked-managed-service-providers-msps/#ftag=RSSbaffb68  


3¡¢CDATA OLTÖдæÔÚ¶à¸ö0day £¬¿Éͨ¹ýtelnet½Ó¼ûºóÃÅ


GA»Æ½ð¼×¡¤(ÖйúÇø)¹Ù·½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://pierrekim.github.io/blog/2020-07-07-cdata-olt-0day-vulnerabilities.html


4¡¢CISA°ä²¼ICS 5ÄêÕ½Êõ¡¶È·±£¹¤ÒµÏµÍ³°²È«£ºÍ³Ò»´òËã¡·


GA»Æ½ð¼×¡¤(ÖйúÇø)¹Ù·½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://us-cert.cisa.gov/ncas/current-activity/2020/07/07/cisa-releases-securing-industrial-control-systems-unified


5¡¢ACROSÅû¶ZoomµÄWindows¿Í»§¶ËÖÐ0day £¬¿ÉÖ´ÐÐËÁÒâ´úÂë


GA»Æ½ð¼×¡¤(ÖйúÇø)¹Ù·½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/zoom-working-on-patching-zero-day-disclosed-in-its-windows-client/#ftag=RSSbaffb68