ÐÅÏ¢Çå¾²Öܱ¨-2020ÄêµÚ28ÖÜ

Ðû²¼Ê±¼ä 2020-07-14

> ±¾ÖÜÇ徲̬ÊÆ×ÛÊö


2020Äê07ÔÂ06ÈÕÖÁ07ÔÂ12ÈÕ¹²ÊÕ¼Çå¾²Îó²î65¸ö £¬£¬£¬ £¬£¬ÖµµÃ¹Ø×¢µÄÊÇMobileIron CoreÉí·ÝÑéÖ¤ÈƹýÎó²î; RIOT base64½âÂëÆ÷»º³åÇøÒç³öÎó²î£» £»£»C-MORE HMI EA9ÑéÖ¤ÈƹýÎó²î£» £»£»Citrix Systems Citrix Application Delivery ControllerÊÚȨÈƹýÎó²î£» £»£»Google Kubernetes martian´úÂë×¢ÈëÎó²î ¡£ ¡£ ¡£¡£¡£¡£


±¾ÖÜÖµµÃ¹Ø×¢µÄÍøÂçÇå¾²ÊÂÎñÊÇF5 BIG-IPÎó²îCVE-2020-5902ÒÑÔ⵽ʹÓà £¬£¬£¬ £¬£¬½¨ÒéÓû§¾¡¿ìÉý¼¶£» £»£»ÃÀ¹úÌØÇÚ¾ÖÖÒÑÔ £¬£¬£¬ £¬£¬Õë¶ÔÍйÜЧÀÍÌṩÉÌ£¨MSP£©µÄ¹¥»÷Ôö¶à£» £»£»CDATA OLTÖб£´æ¶à¸ö0day £¬£¬£¬ £¬£¬¿Éͨ¹ýtelnet»á¼ûºóÃÅ£» £»£»CISAÐû²¼ICS 5ÄêÕ½ÂÔ¡¶È·±£¹¤ÒµÏµÍ³Çå¾²£ºÍ³Ò»ÍýÏë¡·£» £»£»ACROSÅû¶ZoomµÄWindows¿Í»§¶ËÖÐ0day £¬£¬£¬ £¬£¬¿ÉÖ´ÐÐí§Òâ´úÂë ¡£ ¡£ ¡£¡£¡£¡£


ƾ֤ÒÔÉÏ×ÛÊö £¬£¬£¬ £¬£¬±¾ÖÜÇå¾²ÍþвΪÖÐ ¡£ ¡£ ¡£¡£¡£¡£



>Ö÷ÒªÇå¾²Îó²îÁбí


1.MobileIron CoreÉí·ÝÑéÖ¤ÈƹýÎó²î


MobileIron Core±£´æÑéÖ¤ÈƹýÇå¾²Îó²î £¬£¬£¬ £¬£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇó £¬£¬£¬ £¬£¬¿ÉÈƹýÇå¾²»úÖÆδÊÚȨ»á¼û ¡£ ¡£ ¡£¡£¡£¡£

https://www.mobileiron.com/en/blog/mobileiron-security-updates-available


2. RIOT base64½âÂëÆ÷»º³åÇøÒç³öÎó²î


RIOTbase64½âÂëÆ÷base64_decode()±£´æ»º³åÇøÒç³öÎó²î £¬£¬£¬ £¬£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇó £¬£¬£¬ £¬£¬¿ÉʹӦÓóÌÐòÍ߽⻠£»£»òÖ´ÐÐí§Òâ´úÂë ¡£ ¡£ ¡£¡£¡£¡£

https://github.com/RIOT-OS/RIOT/pull/14400


3. C-MORE HMI EA9ÑéÖ¤ÈƹýÎó²î


C-MORE HMI EA9±£´æÑéÖ¤Èƹý £¬£¬£¬ £¬£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇó £¬£¬£¬ £¬£¬¿ÉδÊÚȨ»á¼û ¡£ ¡£ ¡£¡£¡£¡£

https://www.zerodayinitiative.com/advisories/ZDI-20-805/


4. Citrix Systems Citrix Application Delivery ControllerÊÚȨÈƹýÎó²î


Citrix Systems Citrix Application Delivery Controller±£´æÇå¾²Îó²î £¬£¬£¬ £¬£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇó £¬£¬£¬ £¬£¬¿ÉÈƹýÇå¾²ÏÞÖÆ £¬£¬£¬ £¬£¬Î´ÊÚȨ»á¼û ¡£ ¡£ ¡£¡£¡£¡£

https://support.citrix.com/article/CTX276688


5. Google Kubernetes martian´úÂë×¢ÈëÎó²î


GoogleKubernetes±£´æ´úÂë×¢ÈëÎó²î £¬£¬£¬ £¬£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇó £¬£¬£¬ £¬£¬¿É»ñȡȨÏÞ»ò»á¼û¼àÌýµ±ÌïÖ÷»ú¶Ë¿ÚµÄí§ÒâЧÀ͵ÄÃô¸ÐÐÅÏ¢ ¡£ ¡£ ¡£¡£¡£¡£

https://access.redhat.com/security/cve/cve-2020-8558



> Ö÷ÒªÇå¾²ÊÂÎñ×ÛÊö


1¡¢F5 BIG-IPÎó²îCVE-2020-5902ÒÑÔ⵽ʹÓà £¬£¬£¬ £¬£¬½¨ÒéÓû§¾¡¿ìÉý¼¶


welcome-°ÙÀÖ²©


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/hackers-are-trying-to-steal-admin-passwords-from-f5-big-ip-devices/


2¡¢ÃÀ¹úÌØÇÚ¾ÖÖÒÑÔ £¬£¬£¬ £¬£¬Õë¶ÔÍйÜЧÀÍÌṩÉÌ£¨MSP£©µÄ¹¥»÷Ôö¶à


welcome-°ÙÀÖ²©


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/us-secret-service-reports-an-increase-in-hacked-managed-service-providers-msps/#ftag=RSSbaffb68  


3¡¢CDATA OLTÖб£´æ¶à¸ö0day £¬£¬£¬ £¬£¬¿Éͨ¹ýtelnet»á¼ûºóÃÅ


welcome-°ÙÀÖ²©


Ô­ÎÄÁ´½Ó£º

https://pierrekim.github.io/blog/2020-07-07-cdata-olt-0day-vulnerabilities.html


4¡¢CISAÐû²¼ICS 5ÄêÕ½ÂÔ¡¶È·±£¹¤ÒµÏµÍ³Çå¾²£ºÍ³Ò»ÍýÏë¡·


welcome-°ÙÀÖ²©


Ô­ÎÄÁ´½Ó£º

https://us-cert.cisa.gov/ncas/current-activity/2020/07/07/cisa-releases-securing-industrial-control-systems-unified


5¡¢ACROSÅû¶ZoomµÄWindows¿Í»§¶ËÖÐ0day £¬£¬£¬ £¬£¬¿ÉÖ´ÐÐí§Òâ´úÂë


welcome-°ÙÀÖ²©


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/zoom-working-on-patching-zero-day-disclosed-in-its-windows-client/#ftag=RSSbaffb68