ÐÅÏ¢Äþ¾²Öܱ¨-2020ÄêµÚ31ÖÜ

Ðû²¼Ê±¼ä 2020-08-04

> ±¾ÖÜÄþ¾²Ì¬ÊÆ×ÛÊö


2020Äê07ÔÂ27ÈÕÖÁ08ÔÂ02ÈÕ¹²ÊÕ¼Äþ¾²Â©¶´72¸ö£¬ÖµµÃ¹Ø×¢µÄÊÇCisco SD-WAN Solution Software»º³åÇøÒç³ö©¶´£»Grandstream HT800 series OSÃüÁî×¢È멶´£»Ruckus Networks Unleashed C110 emfd/libemfÃüÁî×¢È멶´£»NETGEAR R6700 httpd strtblupgrade¶Ñ»º³åÇøÒç³ö©¶´; Softing Industrial Automation OPC »º³åÇøÒç³ö©¶´¡£


±¾ÖÜÖµµÃ¹Ø×¢µÄÍøÂçÄþ¾²Ê¼þÊǺڿÍÀûÓõç×ÓÒøÐÐDaveÖЩ¶´£¬ÇÔÈ¡750ÍòÓû§Êý¾Ý£»Òò»ù´¡¼Ü¹¹ÅäÖôíÎó£¬Î¢ÈíºÍAdobeµÈ¹«Ë¾Ô­´úÂëй¶£»ºÚ¿ÍÔÚ°µÍø¹ûÈ»ÒÔÉ«ÁÐÊÓƵ¹«Ë¾Promo 2200ÍòÓû§¼Ç¼£»AdobeÐû²¼Äþ¾²¸üУ¬ÐÞ¸´MagentoÖÐÁ½¸ö´úÂëÖ´ÐЩ¶´£»GRUB2ÖЩ¶´BootHoleÓ°ÏìÊýÊ®ÒÚWindowsºÍLinuxÉ豸¡£


ƾ¾ÝÒÔÉÏ×ÛÊö£¬±¾ÖÜÄþ¾²ÍþвΪÖС£



>ÖØÒªÄþ¾²Â©¶´Áбí


1.Cisco SD-WAN Solution Software»º³åÇøÒç³ö©¶´


Cisco SD-WAN Solution Software´æÔÚ»º³åÇøÒç³ö©¶´£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔÀûÓ鶴Ìá½»ÌØÊâµÄÇëÇ󣬿ÉʹӦÓ÷¨Ê½±ÀÀ£»òÒÔROOTÉÏÏÂÎÄÖ´ÐÐÈÎÒâ´úÂë¡£

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdbufof-h5f5VSeL


2. Grandstream HT800 series OSÃüÁî×¢È멶´


Grandstream HT800 series´æÔÚÄþ¾²Â©¶´£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔÀûÓ鶴Ìá½»ÌØÊâµÄÇëÇ󣬿ɴ´½¨ÅäÖÃÎļþ²¢·¢ËÍÌØÊâµÄSIPÏûÏ¢ÒÔROOTȨÏÞÖ´ÐÐÈÎÒâÃüÁî¡£

https://www.tenable.com/security/research/tra-2020-47


3. Ruckus Networks Unleashed C110 emfd/libemfÃüÁî×¢È멶´


Ruckus Networks Unleashed C110 emfd/libemf´æÔÚÊäÈëÑé֤©¶´£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔÀûÓ鶴Ìá½»ÌØÊâµÄÇëÇ󣬿É×¢ÈëÈÎÒâÃüÁî²¢Ö´ÐС£

https://support.ruckuswireless.com/security_bulletins/304


4. NETGEAR R6700 httpd strtblupgrade¶Ñ»º³åÇøÒç³ö©¶´


NETGEAR R6700 httpd strtblupgrade´¦ÖôæÔÚ¶ÑÒç³ö©¶´£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÀûÓ鶴Ìá½»ÌØÊâµÄÇëÇ󣬿ÉʹӦÓ÷¨Ê½±ÀÀ£»ò¿ÉÒÔÓ¦Ó÷¨Ê½ÉÏÏÂÎÄÖ´ÐÐÈÎÒâ´úÂë¡£

https://www.zerodayinitiative.com/advisories/ZDI-20-708/


5. Softing Industrial Automation OPC »º³åÇøÒç³ö©¶´


Softing Industrial Automation OPC´æÔÚ»ùÓڶѵĻº³åÇøÒç³ö©¶´£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÀûÓ鶴Ìá½»ÌØÊâµÄÇëÇ󣬿ÉʹӦÓ÷¨Ê½±ÀÀ£»ò¿ÉÒÔÓ¦Ó÷¨Ê½ÉÏÏÂÎÄÖ´ÐÐÈÎÒâ´úÂë¡£

https://us-cert.cisa.gov/ics/advisories/icsa-20-210-02



> ÖØÒªÄþ¾²Ê¼þ×ÛÊö


1¡¢ºÚ¿ÍÀûÓõç×ÓÒøÐÐDaveÖЩ¶´£¬ÇÔÈ¡750ÍòÓû§Êý¾Ý


×ðÁú¶¶È¦ - Ϊdu¶øÉú


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/tech-unicorn-dave-admits-to-security-breach-impacting-7-5-million-users/#ftag=RSSbaffb68


2¡¢Òò»ù´¡¼Ü¹¹ÅäÖôíÎó£¬Î¢ÈíºÍAdobeµÈ¹«Ë¾Ô­´úÂëй¶


×ðÁú¶¶È¦ - Ϊdu¶øÉú


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/source-code-from-dozens-of-companies-leaked-online/


3¡¢ºÚ¿ÍÔÚ°µÍø¹ûÈ»ÒÔÉ«ÁÐÊÓƵ¹«Ë¾Promo 2200ÍòÓû§¼Ç¼


×ðÁú¶¶È¦ - Ϊdu¶øÉú


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/promocom-discloses-data-breach-after-22m-user-records-leaked-online/


4¡¢AdobeÐû²¼Äþ¾²¸üУ¬ÐÞ¸´MagentoÖÐÁ½¸ö´úÂëÖ´ÐЩ¶´


×ðÁú¶¶È¦ - Ϊdu¶øÉú


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/magento-gets-security-updates-for-severe-code-execution-bugs/    


5¡¢GRUB2ÖЩ¶´BootHoleÓ°ÏìÊýÊ®ÒÚWindowsºÍLinuxÉ豸


×ðÁú¶¶È¦ - Ϊdu¶øÉú


Ô­ÎÄÁ´½Ó£º

https://threatpost.com/billions-of-devices-impacted-secure-boot-bypass/157843/