Information Security Weekly Report - Week 30, 2020

Published: 2020-07-27

> Overview of This Week's Security Situation


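From 20 July to 26 July 2020, a total of 57 security vulnerabilities were recorded. Those worth noting are the Tenda AC15 AC1900 arbitrary command execution vulnerability; the Tesla Model 3 unauthorized door-opening vulnerability; the Phoenix Contact PLCnext Engineer CVE-2020-12499 path traversal vulnerability; the Adobe Photoshop CC CVE-2020-9687 out-of-bounds write vulnerability; and the HPE nagios plugin for iLO PHP code injection vulnerability.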


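The network security events worth noting this week are: Mozilla released a Thunderbird security update fixing multiple serious vulnerabilities; AvertX IP-series cameras have 3 vulnerabilities that can be exploited to launch brute-force attacks; Adobe released emergency security updates fixing arbitrary code execution vulnerabilities in multiple products; hackers used Google Cloud to launch phishing attacks and steal Office 365 credentials; Cisco released security updates fixing a path traversal vulnerability in ASA and FTD.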


Based on the overview above, this week's security threat level is Medium.



> List of Important Security Vulnerabilities


1. Tenda AC15 AC1900 arbitrary command execution vulnerability


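The goform/AdvSetLanip endpoint of the Tenda AC15 AC1900 has a security vulnerability. A remote attacker can exploit it by submitting a request with a specially crafted 'lanIp' POST parameter, allowing execution of arbitrary system commands.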

https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68


2. Tesla Model 3 unauthorized door-opening vulnerability


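The Tesla Model 3 has a security vulnerability that allows a remote attacker to submit specially crafted requests and, by carrying out an NFC relay attack with the help of a legitimate key card, exploit the vulnerability to open the car doors.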

https://cansecwest.com/post/2020-03-09-22:00:00_2020_Speakers


3. Phoenix Contact PLCnext Engineer CVE-2020-12499 path traversal vulnerability


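Phoenix Contact PLCnext Engineer has an input validation vulnerability. A remote attacker can exploit it by submitting a specially crafted request to carry out a directory traversal attack and obtain arbitrary files within the web service's file system.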

https://cert.vde.com/en-us/advisories/vde-2020-025


4. Adobe Photoshop CC CVE-2020-9687 out-of-bounds write vulnerability


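Adobe Photoshop CC has an out-of-bounds write vulnerability. A remote attacker can exploit it by submitting a specially crafted request to cause a denial of service or execute arbitrary code in the context of the application.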

https://helpx.adobe.com/security/products/photoshop/apsb20-45.html


5. HPE nagios plugin for iLO PHP code injection vulnerability


The HPE nagios plugin for iLO has an input validation vulnerability. A remote attacker can exploit it by submitting a specially crafted request to inject and execute arbitrary PHP code.

https://github.com/HewlettPackard/nagios-plugins-hpilo/commit/7617b2736a95c7f354198f092febe37e7005c677



> Overview of Important Security Events


1. Mozilla releases Thunderbird security update fixing multiple serious vulnerabilities


Original article:

https://us-cert.cisa.gov/ncas/current-activity/2020/07/17/mozilla-releases-security-update-thunderbird


2. AvertX IP-series cameras have 3 vulnerabilities that can be exploited to launch brute-force attacks


Original article:

https://www.ehackingnews.com/2020/07/vulnerabilities-with-avertx-ip-security.html


3. Adobe releases emergency security updates fixing arbitrary code execution vulnerabilities in multiple products


Original article:

https://www.bleepingcomputer.com/news/security/adobe-photoshop-gets-fixes-for-critical-security-vulnerabilities/


4. Hackers use Google Cloud to launch phishing attacks and steal Office 365 credentials


Original article:

https://www.bleepingcomputer.com/news/security/phishing-campaign-uses-google-cloud-services-to-steal-office-365-logins/    


5. Cisco releases security updates fixing a path traversal vulnerability in ASA and FTD


Original article:

https://us-cert.cisa.gov/ncas/current-activity/2020/07/23/cisco-releases-security-updates-asa-and-ftd-software