ÐÅÏ¢Çå¾²Öܱ¨-2020ÄêµÚ31ÖÜ

Ðû²¼Ê±¼ä 2020-08-04

> ±¾ÖÜÇ徲̬ÊÆ×ÛÊö


2020Äê07ÔÂ27ÈÕÖÁ08ÔÂ02ÈÕ¹²ÊÕ¼Çå¾²Îó²î72¸ö£¬ÖµµÃ¹Ø×¢µÄÊÇCisco SD-WAN Solution Software»º³åÇøÒç³öÎó²î £»Grandstream HT800 series OSÏÂÁî×¢ÈëÎó²î £»Ruckus Networks Unleashed C110 emfd/libemfÏÂÁî×¢ÈëÎó²î £»NETGEAR R6700 httpd strtblupgrade¶Ñ»º³åÇøÒç³öÎó²î; Softing Industrial Automation OPC »º³åÇøÒç³öÎó²î¡£


±¾ÖÜÖµµÃ¹Ø×¢µÄÍøÂçÇå¾²ÊÂÎñÊǺڿÍʹÓõç×ÓÒøÐÐDaveÖÐÎó²î£¬ÇÔÈ¡750ÍòÓû§Êý¾Ý £»Òò»ù´¡¼Ü¹¹ÉèÖùýʧ£¬Î¢ÈíºÍAdobeµÈ¹«Ë¾Ô­´úÂëй¶ £»ºÚ¿ÍÔÚ°µÍø¹ûÕæÒÔÉ«ÁÐÊÓƵ¹«Ë¾Promo 2200ÍòÓû§¼Í¼ £»AdobeÐû²¼Çå¾²¸üУ¬ÐÞ¸´MagentoÖÐÁ½¸ö´úÂëÖ´ÐÐÎó²î £»GRUB2ÖÐÎó²îBootHoleÓ°ÏìÊýÊ®ÒÚWindowsºÍLinux×°±¸¡£


ƾ֤ÒÔÉÏ×ÛÊö£¬±¾ÖÜÇå¾²ÍþвΪÖС£



>Ö÷ÒªÇå¾²Îó²îÁбí


1.Cisco SD-WAN Solution Software»º³åÇøÒç³öÎó²î


Cisco SD-WAN Solution Software±£´æ»º³åÇøÒç³öÎó²î£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬿ÉʹӦÓóÌÐò±ÀÀ £»òÒÔROOTÉÏÏÂÎÄÖ´ÐÐí§Òâ´úÂë¡£

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdbufof-h5f5VSeL


2. Grandstream HT800 series OSÏÂÁî×¢ÈëÎó²î


Grandstream HT800 series±£´æÇå¾²Îó²î£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬿ɽ¨ÉèÉèÖÃÎļþ²¢·¢ËÍÌØÊâµÄSIPÐÂÎÅÒÔROOTȨÏÞÖ´ÐÐí§ÒâÏÂÁî¡£

https://www.tenable.com/security/research/tra-2020-47


3. Ruckus Networks Unleashed C110 emfd/libemfÏÂÁî×¢ÈëÎó²î


Ruckus Networks Unleashed C110 emfd/libemf±£´æÊäÈëÑéÖ¤Îó²î£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬿É×¢Èëí§ÒâÏÂÁî²¢Ö´ÐС£

https://support.ruckuswireless.com/security_bulletins/304


4. NETGEAR R6700 httpd strtblupgrade¶Ñ»º³åÇøÒç³öÎó²î


NETGEAR R6700 httpd strtblupgrade´¦Öóͷ£±£´æ¶ÑÒç³öÎó²î£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬿ÉʹӦÓóÌÐò±ÀÀ £»ò¿ÉÒÔÓ¦ÓóÌÐòÉÏÏÂÎÄÖ´ÐÐí§Òâ´úÂë¡£

https://www.zerodayinitiative.com/advisories/ZDI-20-708/


5. Softing Industrial Automation OPC »º³åÇøÒç³öÎó²î


Softing Industrial Automation OPC±£´æ»ùÓڶѵĻº³åÇøÒç³öÎó²î£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬿ÉʹӦÓóÌÐò±ÀÀ £»ò¿ÉÒÔÓ¦ÓóÌÐòÉÏÏÂÎÄÖ´ÐÐí§Òâ´úÂë¡£

https://us-cert.cisa.gov/ics/advisories/icsa-20-210-02



> Ö÷ÒªÇå¾²ÊÂÎñ×ÛÊö


1¡¢ºÚ¿ÍʹÓõç×ÓÒøÐÐDaveÖÐÎó²î£¬ÇÔÈ¡750ÍòÓû§Êý¾Ý


ÓÅ·¢¹ú¼Ê¡¤ËæÓŶø¶¯Ò»´¥¼´·¢


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/tech-unicorn-dave-admits-to-security-breach-impacting-7-5-million-users/#ftag=RSSbaffb68


2¡¢Òò»ù´¡¼Ü¹¹ÉèÖùýʧ£¬Î¢ÈíºÍAdobeµÈ¹«Ë¾Ô­´úÂëй¶


ÓÅ·¢¹ú¼Ê¡¤ËæÓŶø¶¯Ò»´¥¼´·¢


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/source-code-from-dozens-of-companies-leaked-online/


3¡¢ºÚ¿ÍÔÚ°µÍø¹ûÕæÒÔÉ«ÁÐÊÓƵ¹«Ë¾Promo 2200ÍòÓû§¼Í¼


ÓÅ·¢¹ú¼Ê¡¤ËæÓŶø¶¯Ò»´¥¼´·¢


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/promocom-discloses-data-breach-after-22m-user-records-leaked-online/


4¡¢AdobeÐû²¼Çå¾²¸üУ¬ÐÞ¸´MagentoÖÐÁ½¸ö´úÂëÖ´ÐÐÎó²î


ÓÅ·¢¹ú¼Ê¡¤ËæÓŶø¶¯Ò»´¥¼´·¢


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/magento-gets-security-updates-for-severe-code-execution-bugs/    


5¡¢GRUB2ÖÐÎó²îBootHoleÓ°ÏìÊýÊ®ÒÚWindowsºÍLinux×°±¸


ÓÅ·¢¹ú¼Ê¡¤ËæÓŶø¶¯Ò»´¥¼´·¢


Ô­ÎÄÁ´½Ó£º

https://threatpost.com/billions-of-devices-impacted-secure-boot-bypass/157843/