ÐÅÏ¢Çå¾²Öܱ¨-2020ÄêµÚ31ÖÜ

Ðû²¼Ê±¼ä 2020-08-04

> ±¾ÖÜÇ徲̬ÊÆ×ÛÊö


2020Äê07ÔÂ27ÈÕÖÁ08ÔÂ02ÈÕ¹²ÊÕ¼Çå¾²Îó²î72¸ö£¬£¬ £¬ÖµµÃ¹Ø×¢µÄÊÇCisco SD-WAN Solution Software»º³åÇøÒç³öÎó²î£»£»£»£»Grandstream HT800 series OSÏÂÁî×¢ÈëÎó²î£»£»£»£»Ruckus Networks Unleashed C110 emfd/libemfÏÂÁî×¢ÈëÎó²î£»£»£»£»NETGEAR R6700 httpd strtblupgrade¶Ñ»º³åÇøÒç³öÎó²î; Softing Industrial Automation OPC »º³åÇøÒç³öÎó²î¡£¡£ ¡£¡£¡£¡£¡£


±¾ÖÜÖµµÃ¹Ø×¢µÄÍøÂçÇå¾²ÊÂÎñÊǺڿÍʹÓõç×ÓÒøÐÐDaveÖÐÎó²î£¬£¬ £¬ÇÔÈ¡750ÍòÓû§Êý¾Ý£»£»£»£»Òò»ù´¡¼Ü¹¹ÉèÖùýʧ£¬£¬ £¬Î¢ÈíºÍAdobeµÈ¹«Ë¾Ô­´úÂëй¶£»£»£»£»ºÚ¿ÍÔÚ°µÍø¹ûÕæÒÔÉ«ÁÐÊÓƵ¹«Ë¾Promo 2200ÍòÓû§¼Í¼£»£»£»£»AdobeÐû²¼Çå¾²¸üУ¬£¬ £¬ÐÞ¸´MagentoÖÐÁ½¸ö´úÂëÖ´ÐÐÎó²î£»£»£»£»GRUB2ÖÐÎó²îBootHoleÓ°ÏìÊýÊ®ÒÚWindowsºÍLinux×°±¸¡£¡£ ¡£¡£¡£¡£¡£


ƾ֤ÒÔÉÏ×ÛÊö£¬£¬ £¬±¾ÖÜÇå¾²ÍþвΪÖС£¡£ ¡£¡£¡£¡£¡£



>Ö÷ÒªÇå¾²Îó²îÁбí


1.Cisco SD-WAN Solution Software»º³åÇøÒç³öÎó²î


Cisco SD-WAN Solution Software±£´æ»º³åÇøÒç³öÎó²î£¬£¬ £¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬ £¬¿ÉʹӦÓóÌÐò±ÀÀ£»£»£»£»òÒÔROOTÉÏÏÂÎÄÖ´ÐÐí§Òâ´úÂë¡£¡£ ¡£¡£¡£¡£¡£

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdbufof-h5f5VSeL


2. Grandstream HT800 series OSÏÂÁî×¢ÈëÎó²î


Grandstream HT800 series±£´æÇå¾²Îó²î£¬£¬ £¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬ £¬¿É½¨ÉèÉèÖÃÎļþ²¢·¢ËÍÌØÊâµÄSIPÐÂÎÅÒÔROOTȨÏÞÖ´ÐÐí§ÒâÏÂÁî¡£¡£ ¡£¡£¡£¡£¡£

https://www.tenable.com/security/research/tra-2020-47


3. Ruckus Networks Unleashed C110 emfd/libemfÏÂÁî×¢ÈëÎó²î


Ruckus Networks Unleashed C110 emfd/libemf±£´æÊäÈëÑéÖ¤Îó²î£¬£¬ £¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬ £¬¿É×¢Èëí§ÒâÏÂÁî²¢Ö´ÐС£¡£ ¡£¡£¡£¡£¡£

https://support.ruckuswireless.com/security_bulletins/304


4. NETGEAR R6700 httpd strtblupgrade¶Ñ»º³åÇøÒç³öÎó²î


NETGEAR R6700 httpd strtblupgrade´¦Öóͷ£±£´æ¶ÑÒç³öÎó²î£¬£¬ £¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬ £¬¿ÉʹӦÓóÌÐò±ÀÀ£»£»£»£»ò¿ÉÒÔÓ¦ÓóÌÐòÉÏÏÂÎÄÖ´ÐÐí§Òâ´úÂë¡£¡£ ¡£¡£¡£¡£¡£

https://www.zerodayinitiative.com/advisories/ZDI-20-708/


5. Softing Industrial Automation OPC »º³åÇøÒç³öÎó²î


Softing Industrial Automation OPC±£´æ»ùÓڶѵĻº³åÇøÒç³öÎó²î£¬£¬ £¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬ £¬¿ÉʹӦÓóÌÐò±ÀÀ£»£»£»£»ò¿ÉÒÔÓ¦ÓóÌÐòÉÏÏÂÎÄÖ´ÐÐí§Òâ´úÂë¡£¡£ ¡£¡£¡£¡£¡£

https://us-cert.cisa.gov/ics/advisories/icsa-20-210-02



> Ö÷ÒªÇå¾²ÊÂÎñ×ÛÊö


1¡¢ºÚ¿ÍʹÓõç×ÓÒøÐÐDaveÖÐÎó²î£¬£¬ £¬ÇÔÈ¡750ÍòÓû§Êý¾Ý


¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/tech-unicorn-dave-admits-to-security-breach-impacting-7-5-million-users/#ftag=RSSbaffb68


2¡¢Òò»ù´¡¼Ü¹¹ÉèÖùýʧ£¬£¬ £¬Î¢ÈíºÍAdobeµÈ¹«Ë¾Ô­´úÂëй¶


¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/source-code-from-dozens-of-companies-leaked-online/


3¡¢ºÚ¿ÍÔÚ°µÍø¹ûÕæÒÔÉ«ÁÐÊÓƵ¹«Ë¾Promo 2200ÍòÓû§¼Í¼


¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/promocom-discloses-data-breach-after-22m-user-records-leaked-online/


4¡¢AdobeÐû²¼Çå¾²¸üУ¬£¬ £¬ÐÞ¸´MagentoÖÐÁ½¸ö´úÂëÖ´ÐÐÎó²î


¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/magento-gets-security-updates-for-severe-code-execution-bugs/    


5¡¢GRUB2ÖÐÎó²îBootHoleÓ°ÏìÊýÊ®ÒÚWindowsºÍLinux×°±¸


¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨


Ô­ÎÄÁ´½Ó£º

https://threatpost.com/billions-of-devices-impacted-secure-boot-bypass/157843/