ÐÅÏ¢Çå¾²Öܱ¨-2020ÄêµÚ28ÖÜ

Ðû²¼Ê±¼ä 2020-07-14

> ±¾ÖÜÇ徲̬ÊÆ×ÛÊö


2020Äê07ÔÂ06ÈÕÖÁ07ÔÂ12ÈÕ¹²ÊÕ¼Çå¾²Îó²î65¸ö£¬£¬£¬£¬£¬£¬ÖµµÃ¹Ø×¢µÄÊÇMobileIron CoreÉí·ÝÑéÖ¤ÈƹýÎó²î; RIOT base64½âÂëÆ÷»º³åÇøÒç³öÎó²î£»£»£»£»£»£»C-MORE HMI EA9ÑéÖ¤ÈƹýÎó²î£»£»£»£»£»£»Citrix Systems Citrix Application Delivery ControllerÊÚȨÈƹýÎó²î£»£»£»£»£»£»Google Kubernetes martian´úÂë×¢ÈëÎó²î¡£¡£¡£¡£¡£¡£


±¾ÖÜÖµµÃ¹Ø×¢µÄÍøÂçÇå¾²ÊÂÎñÊÇF5 BIG-IPÎó²îCVE-2020-5902ÒÑÔ⵽ʹÓ㬣¬£¬£¬£¬£¬½¨ÒéÓû§¾¡¿ìÉý¼¶£»£»£»£»£»£»ÃÀ¹úÌØÇÚ¾ÖÖÒÑÔ£¬£¬£¬£¬£¬£¬Õë¶ÔÍйÜЧÀÍÌṩÉÌ£¨MSP£©µÄ¹¥»÷Ôö¶à£»£»£»£»£»£»CDATA OLTÖб£´æ¶à¸ö0day£¬£¬£¬£¬£¬£¬¿Éͨ¹ýtelnet»á¼ûºóÃÅ£»£»£»£»£»£»CISAÐû²¼ICS 5ÄêÕ½ÂÔ¡¶È·±£¹¤ÒµÏµÍ³Çå¾²£ºÍ³Ò»ÍýÏë¡·£»£»£»£»£»£»ACROSÅû¶ZoomµÄWindows¿Í»§¶ËÖÐ0day£¬£¬£¬£¬£¬£¬¿ÉÖ´ÐÐí§Òâ´úÂë¡£¡£¡£¡£¡£¡£


ƾ֤ÒÔÉÏ×ÛÊö£¬£¬£¬£¬£¬£¬±¾ÖÜÇå¾²ÍþвΪÖС£¡£¡£¡£¡£¡£



>Ö÷ÒªÇå¾²Îó²îÁбí


1.MobileIron CoreÉí·ÝÑéÖ¤ÈƹýÎó²î


MobileIron Core±£´æÑéÖ¤ÈƹýÇå¾²Îó²î£¬£¬£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬£¬£¬¿ÉÈƹýÇå¾²»úÖÆδÊÚȨ»á¼û¡£¡£¡£¡£¡£¡£

https://www.mobileiron.com/en/blog/mobileiron-security-updates-available


2. RIOT base64½âÂëÆ÷»º³åÇøÒç³öÎó²î


RIOTbase64½âÂëÆ÷base64_decode()±£´æ»º³åÇøÒç³öÎó²î£¬£¬£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬£¬£¬¿ÉʹӦÓóÌÐò±ÀÀ£»£»£»£»£»£»òÖ´ÐÐí§Òâ´úÂë¡£¡£¡£¡£¡£¡£

https://github.com/RIOT-OS/RIOT/pull/14400


3. C-MORE HMI EA9ÑéÖ¤ÈƹýÎó²î


C-MORE HMI EA9±£´æÑéÖ¤Èƹý£¬£¬£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬£¬£¬¿ÉδÊÚȨ»á¼û¡£¡£¡£¡£¡£¡£

https://www.zerodayinitiative.com/advisories/ZDI-20-805/


4. Citrix Systems Citrix Application Delivery ControllerÊÚȨÈƹýÎó²î


Citrix Systems Citrix Application Delivery Controller±£´æÇå¾²Îó²î£¬£¬£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬£¬£¬¿ÉÈƹýÇå¾²ÏÞÖÆ£¬£¬£¬£¬£¬£¬Î´ÊÚȨ»á¼û¡£¡£¡£¡£¡£¡£

https://support.citrix.com/article/CTX276688


5. Google Kubernetes martian´úÂë×¢ÈëÎó²î


GoogleKubernetes±£´æ´úÂë×¢ÈëÎó²î£¬£¬£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬£¬£¬¿É»ñȡȨÏÞ»ò»á¼û¼àÌýµ±ÌïÖ÷»ú¶Ë¿ÚµÄí§ÒâЧÀ͵ÄÃô¸ÐÐÅÏ¢¡£¡£¡£¡£¡£¡£

https://access.redhat.com/security/cve/cve-2020-8558



> Ö÷ÒªÇå¾²ÊÂÎñ×ÛÊö


1¡¢F5 BIG-IPÎó²îCVE-2020-5902ÒÑÔ⵽ʹÓ㬣¬£¬£¬£¬£¬½¨ÒéÓû§¾¡¿ìÉý¼¶


¿­Ðý¹ú¼ÊÓÎÏ·(Öйú)¹Ù·½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/hackers-are-trying-to-steal-admin-passwords-from-f5-big-ip-devices/


2¡¢ÃÀ¹úÌØÇÚ¾ÖÖÒÑÔ£¬£¬£¬£¬£¬£¬Õë¶ÔÍйÜЧÀÍÌṩÉÌ£¨MSP£©µÄ¹¥»÷Ôö¶à


¿­Ðý¹ú¼ÊÓÎÏ·(Öйú)¹Ù·½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/us-secret-service-reports-an-increase-in-hacked-managed-service-providers-msps/#ftag=RSSbaffb68  


3¡¢CDATA OLTÖб£´æ¶à¸ö0day£¬£¬£¬£¬£¬£¬¿Éͨ¹ýtelnet»á¼ûºóÃÅ


¿­Ðý¹ú¼ÊÓÎÏ·(Öйú)¹Ù·½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://pierrekim.github.io/blog/2020-07-07-cdata-olt-0day-vulnerabilities.html


4¡¢CISAÐû²¼ICS 5ÄêÕ½ÂÔ¡¶È·±£¹¤ÒµÏµÍ³Çå¾²£ºÍ³Ò»ÍýÏë¡·


¿­Ðý¹ú¼ÊÓÎÏ·(Öйú)¹Ù·½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://us-cert.cisa.gov/ncas/current-activity/2020/07/07/cisa-releases-securing-industrial-control-systems-unified


5¡¢ACROSÅû¶ZoomµÄWindows¿Í»§¶ËÖÐ0day£¬£¬£¬£¬£¬£¬¿ÉÖ´ÐÐí§Òâ´úÂë


¿­Ðý¹ú¼ÊÓÎÏ·(Öйú)¹Ù·½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/zoom-working-on-patching-zero-day-disclosed-in-its-windows-client/#ftag=RSSbaffb68