ÐÅÏ¢Äþ¾²Öܱ¨-2020ÄêµÚ28ÖÜ

Ðû²¼Ê±¼ä 2020-07-14

> ±¾ÖÜÄþ¾²Ì¬ÊÆ×ÛÊö


2020Äê07ÔÂ06ÈÕÖÁ07ÔÂ12ÈÕ¹²ÊÕ¼Äþ¾²Â©¶´65¸ö £¬ÖµµÃ¹Ø×¢µÄÊÇMobileIron CoreÉí·ÝÑéÖ¤Èƹý©¶´; RIOT base64½âÂëÆ÷»º³åÇøÒç³ö©¶´£»C-MORE HMI EA9ÑéÖ¤Èƹý©¶´£»Citrix Systems Citrix Application Delivery ControllerÊÚȨÈƹý©¶´£»Google Kubernetes martian´úÂë×¢È멶´¡£


±¾ÖÜÖµµÃ¹Ø×¢µÄÍøÂçÄþ¾²Ê¼þÊÇF5 BIG-IP©¶´CVE-2020-5902ÒÑÔâµ½ÀûÓà £¬½¨ÒéÓû§¾¡¿ìÉý¼¶£»ÃÀ¹úÌØÇÚ¾Ö¾¯¸æ £¬Õë¶ÔÍйܷþÎñÌṩÉÌ£¨MSP£©µÄ¹¥»÷Ôö¶à£»CDATA OLTÖдæÔÚ¶à¸ö0day £¬¿Éͨ¹ýtelnet·ÃÎʺóÃÅ£»CISAÐû²¼ICS 5ÄêÕ½ÂÔ¡¶È·±£¹¤ÒµÏµÍ³Äþ¾²£ºÍ³Ò»¼Æ»®¡·£»ACROSÅû¶ZoomµÄWindows¿Í»§¶ËÖÐ0day £¬¿ÉÖ´ÐÐÈÎÒâ´úÂë¡£


ƾ¾ÝÒÔÉÏ×ÛÊö £¬±¾ÖÜÄþ¾²ÍþвΪÖС£



>ÖØÒªÄþ¾²Â©¶´Áбí


1.MobileIron CoreÉí·ÝÑéÖ¤Èƹý©¶´


MobileIron Core´æÔÚÑéÖ¤ÈƹýÄþ¾²Â©¶´ £¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÀûÓ鶴Ìá½»ÌØÊâµÄÇëÇó £¬¿ÉÈƹýÄþ¾²»úÖÆδÊÚȨ·ÃÎÊ¡£

https://www.mobileiron.com/en/blog/mobileiron-security-updates-available


2. RIOT base64½âÂëÆ÷»º³åÇøÒç³ö©¶´


RIOTbase64½âÂëÆ÷base64_decode()´æÔÚ»º³åÇøÒç³ö©¶´ £¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔÀûÓ鶴Ìá½»ÌØÊâµÄÇëÇó £¬¿ÉʹӦÓ÷¨Ê½±ÀÀ£»òÖ´ÐÐÈÎÒâ´úÂë¡£

https://github.com/RIOT-OS/RIOT/pull/14400


3. C-MORE HMI EA9ÑéÖ¤Èƹý©¶´


C-MORE HMI EA9´æÔÚÑéÖ¤Èƹý £¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔÀûÓ鶴Ìá½»ÌØÊâµÄÇëÇó £¬¿ÉδÊÚȨ·ÃÎÊ¡£

https://www.zerodayinitiative.com/advisories/ZDI-20-805/


4. Citrix Systems Citrix Application Delivery ControllerÊÚȨÈƹý©¶´


Citrix Systems Citrix Application Delivery Controller´æÔÚÄþ¾²Â©¶´ £¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÀûÓ鶴Ìá½»ÌØÊâµÄÇëÇó £¬¿ÉÈƹýÄþ¾²ÏÞÖÆ £¬Î´ÊÚȨ·ÃÎÊ¡£

https://support.citrix.com/article/CTX276688


5. Google Kubernetes martian´úÂë×¢È멶´


GoogleKubernetes´æÔÚ´úÂë×¢È멶´ £¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔÀûÓ鶴Ìá½»ÌØÊâµÄÇëÇó £¬¿É»ñȡȨÏÞ»ò·ÃÎʼàÌýµ±ÌïÖ÷»ú¶Ë¿ÚµÄÈÎÒâ·þÎñµÄÃô¸ÐÐÅÏ¢¡£

https://access.redhat.com/security/cve/cve-2020-8558



> ÖØÒªÄþ¾²Ê¼þ×ÛÊö


1¡¢F5 BIG-IP©¶´CVE-2020-5902ÒÑÔâµ½ÀûÓà £¬½¨ÒéÓû§¾¡¿ìÉý¼¶


×ðÁú¶¶È¦ - Ϊdu¶øÉú


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/hackers-are-trying-to-steal-admin-passwords-from-f5-big-ip-devices/


2¡¢ÃÀ¹úÌØÇÚ¾Ö¾¯¸æ £¬Õë¶ÔÍйܷþÎñÌṩÉÌ£¨MSP£©µÄ¹¥»÷Ôö¶à


×ðÁú¶¶È¦ - Ϊdu¶øÉú


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/us-secret-service-reports-an-increase-in-hacked-managed-service-providers-msps/#ftag=RSSbaffb68  


3¡¢CDATA OLTÖдæÔÚ¶à¸ö0day £¬¿Éͨ¹ýtelnet·ÃÎʺóÃÅ


×ðÁú¶¶È¦ - Ϊdu¶øÉú


Ô­ÎÄÁ´½Ó£º

https://pierrekim.github.io/blog/2020-07-07-cdata-olt-0day-vulnerabilities.html


4¡¢CISAÐû²¼ICS 5ÄêÕ½ÂÔ¡¶È·±£¹¤ÒµÏµÍ³Äþ¾²£ºÍ³Ò»¼Æ»®¡·


×ðÁú¶¶È¦ - Ϊdu¶øÉú


Ô­ÎÄÁ´½Ó£º

https://us-cert.cisa.gov/ncas/current-activity/2020/07/07/cisa-releases-securing-industrial-control-systems-unified


5¡¢ACROSÅû¶ZoomµÄWindows¿Í»§¶ËÖÐ0day £¬¿ÉÖ´ÐÐÈÎÒâ´úÂë


×ðÁú¶¶È¦ - Ϊdu¶øÉú


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/zoom-working-on-patching-zero-day-disclosed-in-its-windows-client/#ftag=RSSbaffb68