ÐÅÏ¢Äþ¾²Öܱ¨-2020ÄêµÚ32ÖÜ

Ðû²¼Ê±¼ä 2020-08-10

> ±¾ÖÜÄþ¾²Ì¬ÊÆ×ÛÊö


2020Äê08ÔÂ03ÈÕÖÁ08ÔÂ09ÈÕ¹²ÊÕ¼Äþ¾²Â©¶´59¸ö£¬ÖµµÃ¹Ø×¢µÄÊÇAdvantech WebAccess HMI DesignerÏîÄ¿ÎļþÄÚ´æ´íÎóÒýÓ鶴£»Geutebruck G-Cam OSÃüÁî×¢È멶´£»Cisco StarOS IPv6»º³åÇøÒç³ö©¶´£»Cohesive Networks vns3:vpn OSÃüÁî×¢È멶´; Android Qualcomm×é¼þCVE-2020-11118´úÂëÖ´ÐЩ¶´ ¡£


±¾ÖÜÖµµÃ¹Ø×¢µÄÍøÂçÄþ¾²Ê¼þÊÇÑо¿ÈËÔ±·¢ÏÖHTTP/2 ÐÂÐͼÆʱ²àÐŵÀ¹¥»÷·½Ê½£»NordPass³ÆÓÐÉÏÍò¸öÅäÖôíÎóµÄÊý¾Ý¿âй¶100ÒÚÌõ¼Ç¼£»ºÚ¿ÍÈëÇÖ2gether·þÎñÆ÷£¬ÇÔÈ¡¼ÛÖµ120ÍòÅ·ÔªµÄ¼ÓÃÜ»õ±Ò£»¿¨°Í˹»ù·¢ÏÖÒÁÀÊAPT×éÖ¯OilrigʹÓÃDoHÇÔÈ¡ÍøÂçÖÐÊý¾Ý£»Intel 20GBÔ´´úÂëºÍ»úÃÜÎļþй¶£¬Ä¿Ç°À´Ô´Î´Öª ¡£


ƾ¾ÝÒÔÉÏ×ÛÊö£¬±¾ÖÜÄþ¾²ÍþвΪÖÐ ¡£


ÖØÒªÄþ¾²Â©¶´Áбí


1.Advantech WebAccess HMI DesignerÏîÄ¿ÎļþÄÚ´æ´íÎóÒýÓ鶴


Advantech WebAccess HMI Designer´¦ÖÃÏîÄ¿Îļþ´æÔÚÀàÐÍ»ìÏýÄþ¾²Â©¶´£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔÀûÓ鶴Ìá½»ÌØÊâµÄÎļþÇëÇ󣬿ÉʹӦÓ÷¨Ê½±ÀÀ£»òÒÔÓ¦Ó÷¨Ê½ÉÏÏÂÎÄÖ´ÐÐÈÎÒâ´úÂë ¡£

https://us-cert.cisa.gov/ics/advisories/icsa-20-219-02


2. Geutebruck G-Cam OSÃüÁî×¢È멶´


GeutebruckG-Cam´æÔÚÊäÈëÑé֤©¶´£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔÀûÓ鶴Ìá½»ÌØÊâµÄURLÇëÇ󣬿ÉÒÔROOTȨÏÞÖ´ÐÐÈÎÒâÃüÁî ¡£

https://us-cert.cisa.gov/ics/advisories/icsa-20-219-03


3. Cisco StarOS IPv6»º³åÇøÒç³ö©¶´


Cisco StarOS IPv6Á÷Á¿´¦ÖôæÔÚ»º³åÇøÒç³ö©¶´£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÀûÓ鶴Ìá½»ÌØÊâµÄIPv6Êý¾Ý°ü£¬½øÐоܾø·þÎñ¹¥»÷ ¡£

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-ipv6-dos-ce3zhF8m


4. Cohesive Networks vns3:vpn OSÃüÁî×¢È멶´


Cohesive Networks vns3:vpn¹ÜÀí½çÃæ´æÔÚÄþ¾²Â©¶´£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔÀûÓ鶴Ìá½»ÌØÊâµÄÇëÇ󣬿ÉÒÔÓ¦Ó÷¨Ê½ÉÏÏÂÎÄÖ´ÐÐÈÎÒâÃüÁî ¡£

https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2020-0007/FEYE-2020-0007.md


5. Android Qualcomm×é¼þCVE-2020-11118´úÂëÖ´ÐЩ¶´


Android Qualcomm×é¼þ´æÔÚÄþ¾²£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔÀûÓ鶴Ìá½»ÌØÊâµÄÇëÇ󣬿ÉÒÔϵͳÉÏÏÂÎÄÖ´ÐÐÈÎÒâ´úÂë ¡£

https://source.android.com/security/bulletin/2020-08-01


> ÖØÒªÄþ¾²Ê¼þ×ÛÊö


1¡¢Ñо¿ÈËÔ±·¢ÏÖHTTP/2 ÐÂÐͼÆʱ²àÐŵÀ¹¥»÷·½Ê½


×ðÁú¶¶È¦ - Ϊdu¶øÉú


Ô­ÎÄÁ´½Ó£º

https://thehackernews.com/2020/07/http2-timing-side-channel-attacks.html


2¡¢NordPass³ÆÓÐÉÏÍò¸öÅäÖôíÎóµÄÊý¾Ý¿âй¶100ÒÚÌõ¼Ç¼


×ðÁú¶¶È¦ - Ϊdu¶øÉú


Ô­ÎÄÁ´½Ó£º

https://www.welivesecurity.com/2020/07/30/10-billion-records-exposed-unsecured-databases/


3¡¢ºÚ¿ÍÈëÇÖ2gether·þÎñÆ÷£¬ÇÔÈ¡¼ÛÖµ120ÍòÅ·ÔªµÄ¼ÓÃÜ»õ±Ò


×ðÁú¶¶È¦ - Ϊdu¶øÉú


Ô­ÎÄÁ´½Ó£º

https://securityaffairs.co/wordpress/106726/hacking/2gether-hacked.html


4¡¢¿¨°Í˹»ù·¢ÏÖÒÁÀÊAPT×éÖ¯OilrigʹÓÃDoHÇÔÈ¡ÍøÂçÖÐÊý¾Ý


×ðÁú¶¶È¦ - Ϊdu¶øÉú


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/iranian-hacker-group-becomes-first-known-apt-to-weaponize-dns-over-https-doh/#ftag=RSSbaffb68  


5¡¢Intel 20GBÔ´´úÂëºÍ»úÃÜÎļþй¶£¬Ä¿Ç°À´Ô´Î´Öª


×ðÁú¶¶È¦ - Ϊdu¶øÉú


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/intel-leak-20gb-of-source-code-internal-docs-from-alleged-breach/