ÐÅÏ¢Çå¾²Öܱ¨-2020ÄêµÚ32ÖÜ

Ðû²¼Ê±¼ä 2020-08-10

> ±¾ÖÜÇ徲̬ÊÆ×ÛÊö


2020Äê08ÔÂ03ÈÕÖÁ08ÔÂ09ÈÕ¹²ÊÕ¼Çå¾²Îó²î59¸ö£¬ÖµµÃ¹Ø×¢µÄÊÇAdvantech WebAccess HMI DesignerÏîÄ¿ÎļþÄÚ´æ¹ýʧÒýÓÃÎó²î£»Geutebruck G-Cam OSÏÂÁî×¢ÈëÎó²î£»Cisco StarOS IPv6»º³åÇøÒç³öÎó²î£»Cohesive Networks vns3:vpn OSÏÂÁî×¢ÈëÎó²î; Android Qualcomm×é¼þCVE-2020-11118´úÂëÖ´ÐÐÎó²î¡£


±¾ÖÜÖµµÃ¹Ø×¢µÄÍøÂçÇå¾²ÊÂÎñÊÇÑо¿Ö°Ô±·¢Ã÷HTTP/2 ÐÂÐͼÆʱ²àÐŵÀ¹¥»÷·½·¨£»NordPass³ÆÓÐÉÏÍò¸öÉèÖùýʧµÄÊý¾Ý¿âй¶100ÒÚÌõ¼Í¼£»ºÚ¿ÍÈëÇÖ2gether·þÎñÆ÷£¬ÇÔÈ¡¼ÛÖµ120ÍòÅ·ÔªµÄ¼ÓÃÜÇ®±Ò£»¿¨°Í˹»ù·¢Ã÷ÒÁÀÊAPT×éÖ¯OilrigʹÓÃDoHÇÔÈ¡ÍøÂçÖÐÊý¾Ý£»Intel 20GBÔ´´úÂëºÍÉñÃØÎļþй¶£¬ÏÖÔÚȪԴδ֪¡£


ƾ֤ÒÔÉÏ×ÛÊö£¬±¾ÖÜÇå¾²ÍþвΪÖС£


Ö÷ÒªÇå¾²Îó²îÁбí


1.Advantech WebAccess HMI DesignerÏîÄ¿ÎļþÄÚ´æ¹ýʧÒýÓÃÎó²î


Advantech WebAccess HMI Designer´¦Öóͷ£ÏîÄ¿Îļþ±£´æÀàÐÍ»ìÏýÇå¾²Îó²î£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÎļþÇëÇ󣬿ÉʹӦÓóÌÐò±ÀÀ£»òÒÔÓ¦ÓóÌÐòÉÏÏÂÎÄÖ´ÐÐí§Òâ´úÂë¡£

https://us-cert.cisa.gov/ics/advisories/icsa-20-219-02


2. Geutebruck G-Cam OSÏÂÁî×¢ÈëÎó²î


GeutebruckG-Cam±£´æÊäÈëÑéÖ¤Îó²î£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄURLÇëÇ󣬿ÉÒÔROOTȨÏÞÖ´ÐÐí§ÒâÏÂÁî¡£

https://us-cert.cisa.gov/ics/advisories/icsa-20-219-03


3. Cisco StarOS IPv6»º³åÇøÒç³öÎó²î


Cisco StarOS IPv6Á÷Á¿´¦Öóͷ£±£´æ»º³åÇøÒç³öÎó²î£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄIPv6Êý¾Ý°ü£¬¾ÙÐоܾø·þÎñ¹¥»÷¡£

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-ipv6-dos-ce3zhF8m


4. Cohesive Networks vns3:vpn OSÏÂÁî×¢ÈëÎó²î


Cohesive Networks vns3:vpnÖÎÀí½çÃæ±£´æÇå¾²Îó²î£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬿ÉÒÔÓ¦ÓóÌÐòÉÏÏÂÎÄÖ´ÐÐí§ÒâÏÂÁî¡£

https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2020-0007/FEYE-2020-0007.md


5. Android Qualcomm×é¼þCVE-2020-11118´úÂëÖ´ÐÐÎó²î


Android Qualcomm×é¼þ±£´æÇå¾²£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬿ÉÒÔϵͳÉÏÏÂÎÄÖ´ÐÐí§Òâ´úÂë¡£

https://source.android.com/security/bulletin/2020-08-01


> Ö÷ÒªÇå¾²ÊÂÎñ×ÛÊö


1¡¢Ñо¿Ö°Ô±·¢Ã÷HTTP/2 ÐÂÐͼÆʱ²àÐŵÀ¹¥»÷·½·¨


ÓÅ·¢¹ú¼Ê¡¤ËæÓŶø¶¯Ò»´¥¼´·¢


Ô­ÎÄÁ´½Ó£º

https://thehackernews.com/2020/07/http2-timing-side-channel-attacks.html


2¡¢NordPass³ÆÓÐÉÏÍò¸öÉèÖùýʧµÄÊý¾Ý¿âй¶100ÒÚÌõ¼Í¼


ÓÅ·¢¹ú¼Ê¡¤ËæÓŶø¶¯Ò»´¥¼´·¢


Ô­ÎÄÁ´½Ó£º

https://www.welivesecurity.com/2020/07/30/10-billion-records-exposed-unsecured-databases/


3¡¢ºÚ¿ÍÈëÇÖ2gether·þÎñÆ÷£¬ÇÔÈ¡¼ÛÖµ120ÍòÅ·ÔªµÄ¼ÓÃÜÇ®±Ò


ÓÅ·¢¹ú¼Ê¡¤ËæÓŶø¶¯Ò»´¥¼´·¢


Ô­ÎÄÁ´½Ó£º

https://securityaffairs.co/wordpress/106726/hacking/2gether-hacked.html


4¡¢¿¨°Í˹»ù·¢Ã÷ÒÁÀÊAPT×éÖ¯OilrigʹÓÃDoHÇÔÈ¡ÍøÂçÖÐÊý¾Ý


ÓÅ·¢¹ú¼Ê¡¤ËæÓŶø¶¯Ò»´¥¼´·¢


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/iranian-hacker-group-becomes-first-known-apt-to-weaponize-dns-over-https-doh/#ftag=RSSbaffb68  


5¡¢Intel 20GBÔ´´úÂëºÍÉñÃØÎļþй¶£¬ÏÖÔÚȪԴδ֪


ÓÅ·¢¹ú¼Ê¡¤ËæÓŶø¶¯Ò»´¥¼´·¢


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/intel-leak-20gb-of-source-code-internal-docs-from-alleged-breach/