ÐÅÏ¢Çå¾²Öܱ¨-2020ÄêµÚ33ÖÜ

Ðû²¼Ê±¼ä 2020-08-17

> ±¾ÖÜÇ徲̬ÊÆ×ÛÊö


2020Äê08ÔÂ10ÈÕÖÁ08ÔÂ16ÈÕ¹²ÊÕ¼Çå¾²Îó²î77¸ö£¬£¬£¬£¬ÖµµÃ¹Ø×¢µÄÊÇApache Struts CVE-2019-0230´úÂëÖ´ÐÐÎó²î£»£»£»£»£»Citrix Systems XenMobile Server CVE-2020-8211δÃ÷í§Òâ´úÂëÖ´ÐÐÎó²î£»£»£»£»£»Schneider Electric APC Easy UPS On-Line `FileUploadServlet`·¾¶±éÀúÎó²î£»£»£»£»£»SAP Business Objects Business Intelligence Platform XvfbÑéÖ¤ÈƹýÎó²î; Shenzhen Hichip Vision Technology Firmware P2PЧÀÍ´úÂëÖ´ÐÐÎó²î¡£¡£


±¾ÖÜÖµµÃ¹Ø×¢µÄÍøÂçÇå¾²ÊÂÎñÊÇFBIÖÒÑÔÒÁÀʺڿÍʹÓÃF5 BIG-IPÎó²î¹¥»÷ADC×°±¸£»£»£»£»£»Check Point·¢Ã÷¸ßͨµÄSnapdragonоƬ±£´æ400¶à¸öÎó²î£»£»£»£»£»Nusenu·¢Ã÷δ֪×é֯ЮÖÆTor½üËÄ·ÖÖ®Ò»µÄ³ö¿Ú½Úµã£»£»£»£»£»AdobeÐû²¼Çå¾²¸üУ¬£¬£¬£¬ÐÞ¸´¶à¿î²úÆ·ÖеÄ26¸öÎó²î£»£»£»£»£»FBIºÍNSAÁªºÏÅû¶¶íÂÞ˹Õë¶ÔLinuxµÄ¶ñÒâÈí¼þDrovorub¡£¡£


ƾ֤ÒÔÉÏ×ÛÊö£¬£¬£¬£¬±¾ÖÜÇå¾²ÍþвΪÖС£¡£


Ö÷ÒªÇå¾²Îó²îÁбí


1. Apache Struts CVE-2019-0230´úÂëÖ´ÐÐÎó²î


Apache Struts¿ò¼ÜÔÚ±»Ç¿ÖÆʹÓÃʱ£¬£¬£¬£¬»á¶Ô±êÇ©µÄÊôÐÔ¾ÙÐжþ´ÎÇóÖµÎó²î£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬¿ÉÖ´ÐÐí§Òâ´úÂë¡£¡£Ö»ÓÐÔÚStruts±êÇ©ÊôÐÔÖÐÇ¿ÖÆʹÓÃOGNL±í´ïʽʱ£¬£¬£¬£¬²Å»ª´¥·¢Îó²î¡£¡£

https://cwiki.apache.org/confluence/display/ww/s2-059


2. Citrix Systems XenMobile Server CVE-2020-8211δÃ÷í§Òâ´úÂëÖ´ÐÐÎó²î


Citrix Systems XenMobile Server±£´æδÃ÷Çå¾²Îó²î£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬¿ÉÒÔÓ¦ÓóÌÐòÉÏÏÂÎÄÖ´ÐÐí§Òâ´úÂë¡£¡£

https://www.auscert.org.au/bulletins/ESB-2020.2780/


3. Schneider Electric APC Easy UPS On-Line `FileUploadServlet`·¾¶±éÀúÎó²î


Schneider Electric APC Easy UPS On-Line `FileUploadServlet`±£´æĿ¼±éÀúÎó²î£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬¿ÉÉÏ´«í§ÒâÎļþµ½í§ÒâĿ¼¡£¡£

https://us-cert.cisa.gov/ics/advisories/icsa-20-224-02


4. SAP Business Objects Business Intelligence Platform XvfbÑéÖ¤ÈƹýÎó²î


SAP Business Objects Business Intelligence Platform Xvfb±£´æÑéÖ¤ÈƹýÎó²î£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬¿ÉδÊÚȨ»á¼ûÓ¦Óᣡ£

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345


5. Shenzhen Hichip Vision Technology Firmware P2PЧÀÍ´úÂëÖ´ÐÐÎó²î


Shenzhen Hichip Vision Technology Firmware P2PЧÀͱ£´æÇå¾²Îó²î£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬¿ÉÒÔÓ¦ÓóÌÐòÉÏÏÂÎÄÖ´ÐÐí§Òâ´úÂë¡£¡£

https://redprocyon.com



> Ö÷ÒªÇå¾²ÊÂÎñ×ÛÊö


1¡¢FBIÖÒÑÔÒÁÀʺڿÍʹÓÃF5 BIG-IPÎó²î¹¥»÷ADC×°±¸


bevictorΰµÂ¹ÙÍø-ΤµÂ¹Ù·½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/fbi-iranian-hackers-trying-to-exploit-critical-f5-big-ip-flaw/


2¡¢Check Point·¢Ã÷¸ßͨµÄSnapdragonоƬ±£´æ400¶à¸öÎó²î


bevictorΰµÂ¹ÙÍø-ΤµÂ¹Ù·½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://www.hackread.com/chip-flaws-turn-android-phones-into-spying-tool/


3¡¢Nusenu·¢Ã÷δ֪×é֯ЮÖÆTor½üËÄ·ÖÖ®Ò»µÄ³ö¿Ú½Úµã


bevictorΰµÂ¹ÙÍø-ΤµÂ¹Ù·½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/a-mysterious-group-has-hijacked-tor-exit-nodes-to-perform-ssl-stripping-attacks/


4¡¢AdobeÐû²¼Çå¾²¸üУ¬£¬£¬£¬ÐÞ¸´¶à¿î²úÆ·ÖеÄ26¸öÎó²î


bevictorΰµÂ¹ÙÍø-ΤµÂ¹Ù·½ÍøÕ¾

Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/adobe-fixes-critical-code-execution-bugs-in-acrobat-and-reader/    


5¡¢FBIºÍNSAÁªºÏÅû¶¶íÂÞ˹Õë¶ÔLinuxµÄ¶ñÒâÈí¼þDrovorub


bevictorΰµÂ¹ÙÍø-ΤµÂ¹Ù·½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/fbi-and-nsa-expose-new-linux-malware-drovorub-used-by-russian-state-hackers/