Information Security Weekly Report - 2020, Week 28

Published: 2020-07-14

> This week's security situation overview


From 6 July to 12 July 2020, 65 security vulnerabilities were recorded. The ones worth attention are: a MobileIron Core authentication bypass vulnerability; a RIOT base64 decoder buffer overflow vulnerability; a C-MORE HMI EA9 authentication bypass vulnerability; a Citrix Systems Citrix Application Delivery Controller authorization bypass vulnerability; and a Google Kubernetes martian code injection vulnerability.


The notable network security events this week are: the F5 BIG-IP vulnerability CVE-2020-5902 is already being exploited, and users are advised to upgrade as soon as possible; the US Secret Service warned of an increase in attacks targeting managed service providers (MSPs); CDATA OLTs contain multiple 0-days, including a backdoor reachable over telnet; CISA released a five-year ICS strategy, "Securing Industrial Control Systems: A Unified Initiative"; and ACROS disclosed a 0-day in Zoom's Windows client that allows arbitrary code execution.


Based on the above overview, this week's security threat level is rated Medium.



> Important security vulnerability list


1. MobileIron Core authentication bypass vulnerability


MobileIron Core contains an authentication bypass vulnerability. A remote attacker who submits a specially crafted request can bypass the security mechanism and gain unauthorized access.

https://www.mobileiron.com/en/blog/mobileiron-security-updates-available


2. RIOT base64 decoder buffer overflow vulnerability


The base64_decode() function in the RIOT base64 decoder contains a buffer overflow vulnerability. A remote attacker who submits a specially crafted request can crash the application or execute arbitrary code.

https://github.com/RIOT-OS/RIOT/pull/14400
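The entry above names a buffer overflow in a base64 decoder, the classic failure of writing decoded bytes without first checking that they fit. The decoder below is an added example written for this report, not RIOT's own base64_decode() code and not a description of the patched function: it derives the decoded size from the input, rejects a destination that is too small before writing anything, and rejects malformed padding or characters outside the alphabet. The function and result-code names (b64_decode_checked, B64_BUFFER_TOO_SMALL and friends) and the sample inputs are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Result codes for the checked decoder (names constructed for this example). */
enum b64_result { B64_OK = 0, B64_BAD_INPUT = -1, B64_BUFFER_TOO_SMALL = -2 };

/* Map one character of the standard base64 alphabet to its 6-bit value,
 * or return -1 for anything outside the alphabet. */
static int b64_value(unsigned char c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Decode `in_len` base64 characters into `out`.
 * On entry *out_len is the capacity of `out`; on success it is set to the
 * number of bytes written. The required size is derived from the input and
 * compared with the capacity before the first byte is written, so an
 * undersized destination is rejected instead of overrun. */
int b64_decode_checked(const char *in, size_t in_len,
                       uint8_t *out, size_t *out_len)
{
    if (in_len % 4 != 0) return B64_BAD_INPUT;

    /* Every 4 input characters yield 3 bytes, minus one per trailing '='. */
    size_t needed = (in_len / 4) * 3;
    if (in_len >= 1 && in[in_len - 1] == '=') needed--;
    if (in_len >= 2 && in[in_len - 2] == '=') needed--;
    if (needed > *out_len) return B64_BUFFER_TOO_SMALL;

    size_t o = 0;
    for (size_t i = 0; i < in_len; i += 4) {
        int v[4];
        int pad = 0;
        for (int k = 0; k < 4; k++) {
            unsigned char c = (unsigned char)in[i + k];
            if (c == '=') {
                /* Padding may only occupy the last two slots of the final quad. */
                if (i + 4 != in_len || k < 2) return B64_BAD_INPUT;
                pad = 1;
                v[k] = 0;
            } else {
                if (pad) return B64_BAD_INPUT;   /* data after '=' */
                v[k] = b64_value(c);
                if (v[k] < 0) return B64_BAD_INPUT;
            }
        }
        uint32_t triple = ((uint32_t)v[0] << 18) | ((uint32_t)v[1] << 12) |
                          ((uint32_t)v[2] << 6) | (uint32_t)v[3];
        /* Emit only the bytes this quad really encodes; `needed` bounds all writes. */
        if (o < needed) out[o++] = (uint8_t)(triple >> 16);
        if (o < needed) out[o++] = (uint8_t)(triple >> 8);
        if (o < needed) out[o++] = (uint8_t)triple;
    }
    *out_len = o;
    return B64_OK;
}

/* Constructed inputs: a well-formed string that fits, the same string
 * against a destination that is too small, and a string with an invalid byte. */
int demo_fits(void)
{
    uint8_t buf[16];
    size_t n = sizeof buf;
    int rc = b64_decode_checked("aGVsbG8=", 8, buf, &n);
    return rc == B64_OK && n == 5 && memcmp(buf, "hello", 5) == 0;
}

int demo_too_small(void)
{
    uint8_t buf[4];
    size_t n = sizeof buf;
    return b64_decode_checked("aGVsbG8=", 8, buf, &n);   /* B64_BUFFER_TOO_SMALL */
}

int demo_bad_char(void)
{
    uint8_t buf[16];
    size_t n = sizeof buf;
    return b64_decode_checked("aGV*bG8=", 8, buf, &n);   /* B64_BAD_INPUT */
}

int main(void)
{
    printf("fits: %d, too_small: %d, bad_char: %d\n",
           demo_fits(), demo_too_small(), demo_bad_char());
    return 0;
}
```

The design point is that the capacity check is computed from the input and applied once, up front, rather than inside the write loop; a decoder that checks per byte or not at all is exactly where a crafted input turns into a heap or stack overwrite. Passing the capacity in through the same pointer that returns the written length also makes it hard for a caller to forget it.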


3. C-MORE HMI EA9 authentication bypass vulnerability


C-MORE HMI EA9 contains an authentication bypass. A remote attacker who submits a specially crafted request can gain unauthorized access.

https://www.zerodayinitiative.com/advisories/ZDI-20-805/


4. Citrix Systems Citrix Application Delivery Controller authorization bypass vulnerability


Citrix Systems Citrix Application Delivery Controller contains a security vulnerability. A remote attacker who submits a specially crafted request can bypass security restrictions and gain unauthorized access.

https://support.citrix.com/article/CTX276688


5. Google Kubernetes martian code injection vulnerability


Google Kubernetes contains a code injection vulnerability. A remote attacker who submits a specially crafted request can obtain privileges or access sensitive information from any service listening on the local host's ports.

https://access.redhat.com/security/cve/cve-2020-8558



> Important security events overview


1. F5 BIG-IP vulnerability CVE-2020-5902 is already being exploited; users are advised to upgrade as soon as possible


Dongsen (China) official website


Original link:

https://www.zdnet.com/article/hackers-are-trying-to-steal-admin-passwords-from-f5-big-ip-devices/


2. US Secret Service warns of an increase in attacks targeting managed service providers (MSPs)


Original link:

https://www.zdnet.com/article/us-secret-service-reports-an-increase-in-hacked-managed-service-providers-msps/#ftag=RSSbaffb68


3. CDATA OLTs contain multiple 0-days, including a backdoor reachable over telnet


Original link:

https://pierrekim.github.io/blog/2020-07-07-cdata-olt-0day-vulnerabilities.html


4. CISA releases five-year ICS strategy, "Securing Industrial Control Systems: A Unified Initiative"


Original link:

https://us-cert.cisa.gov/ncas/current-activity/2020/07/07/cisa-releases-securing-industrial-control-systems-unified


5. ACROS discloses a 0-day in Zoom's Windows client that allows arbitrary code execution


Original link:

https://www.zdnet.com/article/zoom-working-on-patching-zero-day-disclosed-in-its-windows-client/#ftag=RSSbaffb68