ÐÅÏ¢Çå¾²Öܱ¨-2020ÄêµÚ28ÖÜ

Ðû²¼Ê±¼ä 2020-07-14

> ±¾ÖÜÇ徲̬ÊÆ×ÛÊö


2020Äê07ÔÂ06ÈÕÖÁ07ÔÂ12ÈÕ¹²ÊÕ¼Çå¾²Îó²î65¸ö£¬£¬£¬£¬£¬£¬£¬ÖµµÃ¹Ø×¢µÄÊÇMobileIron CoreÉí·ÝÑéÖ¤ÈƹýÎó²î; RIOT base64½âÂëÆ÷»º³åÇøÒç³öÎó²î£»£»£»£»C-MORE HMI EA9ÑéÖ¤ÈƹýÎó²î£»£»£»£»Citrix Systems Citrix Application Delivery ControllerÊÚȨÈƹýÎó²î£»£»£»£»Google Kubernetes martian´úÂë×¢ÈëÎó²î¡£¡£¡£¡£¡£¡£


±¾ÖÜÖµµÃ¹Ø×¢µÄÍøÂçÇå¾²ÊÂÎñÊÇF5 BIG-IPÎó²îCVE-2020-5902ÒÑÔ⵽ʹÓ㬣¬£¬£¬£¬£¬£¬½¨ÒéÓû§¾¡¿ìÉý¼¶£»£»£»£»ÃÀ¹úÌØÇÚ¾ÖÖÒÑÔ£¬£¬£¬£¬£¬£¬£¬Õë¶ÔÍйÜЧÀÍÌṩÉÌ£¨MSP£©µÄ¹¥»÷Ôö¶à£»£»£»£»CDATA OLTÖб£´æ¶à¸ö0day£¬£¬£¬£¬£¬£¬£¬¿Éͨ¹ýtelnet»á¼ûºóÃÅ£»£»£»£»CISAÐû²¼ICS 5ÄêÕ½ÂÔ¡¶È·±£¹¤ÒµÏµÍ³Çå¾²£ºÍ³Ò»ÍýÏë¡·£»£»£»£»ACROSÅû¶ZoomµÄWindows¿Í»§¶ËÖÐ0day£¬£¬£¬£¬£¬£¬£¬¿ÉÖ´ÐÐí§Òâ´úÂë¡£¡£¡£¡£¡£¡£


ƾ֤ÒÔÉÏ×ÛÊö£¬£¬£¬£¬£¬£¬£¬±¾ÖÜÇå¾²ÍþвΪÖС£¡£¡£¡£¡£¡£



>Ö÷ÒªÇå¾²Îó²îÁбí


1.MobileIron CoreÉí·ÝÑéÖ¤ÈƹýÎó²î


MobileIron Core±£´æÑéÖ¤ÈƹýÇå¾²Îó²î£¬£¬£¬£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬£¬£¬£¬¿ÉÈƹýÇå¾²»úÖÆδÊÚȨ»á¼û¡£¡£¡£¡£¡£¡£

https://www.mobileiron.com/en/blog/mobileiron-security-updates-available


2. RIOT base64½âÂëÆ÷»º³åÇøÒç³öÎó²î


RIOTbase64½âÂëÆ÷base64_decode()±£´æ»º³åÇøÒç³öÎó²î£¬£¬£¬£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬£¬£¬£¬¿ÉʹӦÓóÌÐò±ÀÀ£»£»£»£»òÖ´ÐÐí§Òâ´úÂë¡£¡£¡£¡£¡£¡£

https://github.com/RIOT-OS/RIOT/pull/14400


3. C-MORE HMI EA9ÑéÖ¤ÈƹýÎó²î


C-MORE HMI EA9±£´æÑéÖ¤Èƹý£¬£¬£¬£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬£¬£¬£¬¿ÉδÊÚȨ»á¼û¡£¡£¡£¡£¡£¡£

https://www.zerodayinitiative.com/advisories/ZDI-20-805/


4. Citrix Systems Citrix Application Delivery ControllerÊÚȨÈƹýÎó²î


Citrix Systems Citrix Application Delivery Controller±£´æÇå¾²Îó²î£¬£¬£¬£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬£¬£¬£¬¿ÉÈƹýÇå¾²ÏÞÖÆ£¬£¬£¬£¬£¬£¬£¬Î´ÊÚȨ»á¼û¡£¡£¡£¡£¡£¡£

https://support.citrix.com/article/CTX276688


5. Google Kubernetes martian´úÂë×¢ÈëÎó²î


GoogleKubernetes±£´æ´úÂë×¢ÈëÎó²î£¬£¬£¬£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬£¬£¬£¬¿É»ñȡȨÏÞ»ò»á¼û¼àÌýµ±ÌïÖ÷»ú¶Ë¿ÚµÄí§ÒâЧÀ͵ÄÃô¸ÐÐÅÏ¢¡£¡£¡£¡£¡£¡£

https://access.redhat.com/security/cve/cve-2020-8558



> Ö÷ÒªÇå¾²ÊÂÎñ×ÛÊö


1¡¢F5 BIG-IPÎó²îCVE-2020-5902ÒÑÔ⵽ʹÓ㬣¬£¬£¬£¬£¬£¬½¨ÒéÓû§¾¡¿ìÉý¼¶


918²©ÌìÌÃ(ÖйúÓÎ)×îйٷ½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/hackers-are-trying-to-steal-admin-passwords-from-f5-big-ip-devices/


2¡¢ÃÀ¹úÌØÇÚ¾ÖÖÒÑÔ£¬£¬£¬£¬£¬£¬£¬Õë¶ÔÍйÜЧÀÍÌṩÉÌ£¨MSP£©µÄ¹¥»÷Ôö¶à


918²©ÌìÌÃ(ÖйúÓÎ)×îйٷ½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/us-secret-service-reports-an-increase-in-hacked-managed-service-providers-msps/#ftag=RSSbaffb68  


3¡¢CDATA OLTÖб£´æ¶à¸ö0day£¬£¬£¬£¬£¬£¬£¬¿Éͨ¹ýtelnet»á¼ûºóÃÅ


918²©ÌìÌÃ(ÖйúÓÎ)×îйٷ½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://pierrekim.github.io/blog/2020-07-07-cdata-olt-0day-vulnerabilities.html


4¡¢CISAÐû²¼ICS 5ÄêÕ½ÂÔ¡¶È·±£¹¤ÒµÏµÍ³Çå¾²£ºÍ³Ò»ÍýÏë¡·


918²©ÌìÌÃ(ÖйúÓÎ)×îйٷ½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://us-cert.cisa.gov/ncas/current-activity/2020/07/07/cisa-releases-securing-industrial-control-systems-unified


5¡¢ACROSÅû¶ZoomµÄWindows¿Í»§¶ËÖÐ0day£¬£¬£¬£¬£¬£¬£¬¿ÉÖ´ÐÐí§Òâ´úÂë


918²©ÌìÌÃ(ÖйúÓÎ)×îйٷ½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/zoom-working-on-patching-zero-day-disclosed-in-its-windows-client/#ftag=RSSbaffb68