ÐÅÏ¢Çå¾²Öܱ¨-2020ÄêµÚ30ÖÜ

Ðû²¼Ê±¼ä 2020-07-27

> ±¾ÖÜÇ徲̬ÊÆ×ÛÊö


2020Äê07ÔÂ20ÈÕÖÁ07ÔÂ26ÈÕ¹²ÊÕ¼Çå¾²Îó²î57¸ö£¬£¬£¬£¬£¬ÖµµÃ¹Ø×¢µÄÊÇTenda AC15 AC1900í§ÒâÏÂÁîÖ´ÐÐÎó²î£»£»£»£»£»£»Tesla Model 3δÊÚȨ·­¿ª³µÃÅÎó²î£»£»£»£»£»£»Phoenix Contact PLCnext Engineer CVE-2020-12499·¾¶±éÀúÎó²î£»£»£»£»£»£»Adobe Photoshop CC CVE-2020-9687Ô½½çдÎó²î; HPE nagios plugin for iLO PHP´úÂë×¢ÈëÎó²î¡£¡£¡£¡£¡£¡£


±¾ÖÜÖµµÃ¹Ø×¢µÄÍøÂçÇå¾²ÊÂÎñÊÇMozillaÐû²¼À×ÄñÇå¾²¸üУ¬£¬£¬£¬£¬ÐÞ¸´¶à¸öÑÏÖصÄÎó²î£»£»£»£»£»£»AvertX IPϵÁÐÉãÏñÍ·±£´æ3¸öÎó²î£¬£¬£¬£¬£¬¿É±»Ê¹ÓÃÌᳫ±©Á¦¹¥»÷£»£»£»£»£»£»AdobeÐû²¼½ôÆÈÇå¾²¸üУ¬£¬£¬£¬£¬ÐÞ¸´¶à¿î²úÆ·ÖÐí§Òâ´úÂëÖ´ÐÐÎó²î£»£»£»£»£»£»ºÚ¿ÍʹÓÃGoogleÔÆÌᳫ´¹ÂÚ¹¥»÷£¬£¬£¬£¬£¬ÇÔÈ¡Office 365ƾ֤£»£»£»£»£»£»Ë¼¿ÆÐû²¼Çå¾²¸üУ¬£¬£¬£¬£¬ÐÞ¸´ASAºÍFTDÖеÄ·¾¶±éÀúÎó²î¡£¡£¡£¡£¡£¡£


ƾ֤ÒÔÉÏ×ÛÊö£¬£¬£¬£¬£¬±¾ÖÜÇå¾²ÍþвΪÖС£¡£¡£¡£¡£¡£



>Ö÷ÒªÇå¾²Îó²îÁбí


1.Tenda AC15 AC1900í§ÒâÏÂÁîÖ´ÐÐÎó²î


Tenda AC15 AC1900 goform/AdvSetLanip¶Ëµã±£´æÇå¾²Îó²î£¬£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄ¡®lanIp POST¡¯²ÎÊýÇëÇ󣬣¬£¬£¬£¬¿ÉÖ´ÐÐí§ÒâϵͳÏÂÁî¡£¡£¡£¡£¡£¡£

https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68


2. Tesla Model 3δÊÚȨ·­¿ª³µÃÅÎó²î


Tesla Model 3±£´æÇå¾²Îó²î£¬£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬£¬¿É½èÖúÕýµ±Ô¿³×¿¨²¢ÊµÑéNFCÖм̹¥»÷ʹÓøÃÎó²î·­¿ª³µÃÅ¡£¡£¡£¡£¡£¡£

https://cansecwest.com/post/2020-03-09-22:00:00_2020_Speakers


3. Phoenix Contact PLCnext Engineer CVE-2020-12499·¾¶±éÀúÎó²î


Phoenix Contact PLCnext Engineer±£´æÊäÈëÑéÖ¤Îó²î£¬£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬£¬¿É¾ÙÐÐĿ¼±éÀú¹¥»÷£¬£¬£¬£¬£¬¿É»ñÈ¡WebЧÀÍÎļþϵͳÄÚµÄí§ÒâÎļþ¡£¡£¡£¡£¡£¡£

https://cert.vde.com/en-us/advisories/vde-2020-025


4. Adobe Photoshop CC CVE-2020-9687Ô½½çдÎó²î


Adobe Photoshop CC±£´æÔ½½çдÎó²î£¬£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬£¬¿É¾ÙÐоܾøЧÀ͹¥»÷»òÕßÒÔÓ¦ÓóÌÐòÉÏÏÂÎÄÖ´ÐÐí§Òâ´úÂë¡£¡£¡£¡£¡£¡£

https://helpx.adobe.com/security/products/photoshop/apsb20-45.html


5. HPE nagios plugin for iLO PHP´úÂë×¢ÈëÎó²î


HPE nagios plugin for iLO±£´æÊäÈëÑéÖ¤Îó²î£¬£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬£¬¿É×¢Èëí§ÒâPHP´úÂë²¢Ö´ÐС£¡£¡£¡£¡£¡£

https://github.com/HewlettPackard/nagios-plugins-hpilo/commit/7617b2736a95c7f354198f092febe37e7005c677



> Ö÷ÒªÇå¾²ÊÂÎñ×ÛÊö


1¡¢MozillaÐû²¼À×ÄñÇå¾²¸üУ¬£¬£¬£¬£¬ÐÞ¸´¶à¸öÑÏÖصÄÎó²î


¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨


Ô­ÎÄÁ´½Ó£º

https://us-cert.cisa.gov/ncas/current-activity/2020/07/17/mozilla-releases-security-update-thunderbird


2¡¢AvertX IPϵÁÐÉãÏñÍ·±£´æ3¸öÎó²î£¬£¬£¬£¬£¬¿É±»Ê¹ÓÃÌᳫ±©Á¦¹¥»÷


¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨


Ô­ÎÄÁ´½Ó£º

https://www.ehackingnews.com/2020/07/vulnerabilities-with-avertx-ip-security.html


3¡¢AdobeÐû²¼½ôÆÈÇå¾²¸üУ¬£¬£¬£¬£¬ÐÞ¸´¶à¿î²úÆ·ÖÐí§Òâ´úÂëÖ´ÐÐÎó²î


¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/adobe-photoshop-gets-fixes-for-critical-security-vulnerabilities/


4¡¢ºÚ¿ÍʹÓÃGoogleÔÆÌᳫ´¹ÂÚ¹¥»÷£¬£¬£¬£¬£¬ÇÔÈ¡Office 365ƾ֤


¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/phishing-campaign-uses-google-cloud-services-to-steal-office-365-logins/    


5¡¢Ë¼¿ÆÐû²¼Çå¾²¸üУ¬£¬£¬£¬£¬ÐÞ¸´ASAºÍFTDÖеÄ·¾¶±éÀúÎó²î


¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨


Ô­ÎÄÁ´½Ó£º

https://us-cert.cisa.gov/ncas/current-activity/2020/07/23/cisco-releases-security-updates-asa-and-ftd-software