Information Security Weekly Report - Week 30, 2020

Published: 2020-07-27

> Overview of This Week's Security Situation


From July 20 to July 26, 2020, a total of 57 security vulnerabilities were recorded. Notable among them are the Tenda AC15 AC1900 arbitrary command execution vulnerability; the Tesla Model 3 unauthorized door-opening vulnerability; the Phoenix Contact PLCnext Engineer CVE-2020-12499 path traversal vulnerability; the Adobe Photoshop CC CVE-2020-9687 out-of-bounds write vulnerability; and the HPE nagios plugin for iLO PHP code injection vulnerability.


The notable network security events this week are: Mozilla released a Thunderbird security update fixing multiple serious vulnerabilities; AvertX IP series cameras contain 3 vulnerabilities that can be exploited to launch brute-force attacks; Adobe released an emergency security update fixing arbitrary code execution vulnerabilities in multiple products; hackers used Google Cloud to launch phishing attacks and steal Office 365 credentials; and Cisco released security updates fixing a path traversal vulnerability in ASA and FTD.


Based on the overview above, this week's security threat level is medium.



> List of Major Security Vulnerabilities


1. Tenda AC15 AC1900 arbitrary command execution vulnerability


The goform/AdvSetLanip endpoint of the Tenda AC15 AC1900 contains a security vulnerability. A remote attacker can exploit it by submitting a specially crafted 'lanIp POST' parameter request to execute arbitrary system commands.

https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68


2. Tesla Model 3 unauthorized door-opening vulnerability


The Tesla Model 3 contains a security vulnerability. A remote attacker can exploit it by submitting a specially crafted request and, using a legitimate key card together with an NFC relay attack, open the car doors.

https://cansecwest.com/post/2020-03-09-22:00:00_2020_Speakers


3. Phoenix Contact PLCnext Engineer CVE-2020-12499 path traversal vulnerability


Phoenix Contact PLCnext Engineer contains an input validation vulnerability. A remote attacker can exploit it by submitting a specially crafted request to carry out a directory traversal attack and obtain arbitrary files within the web service's file system.

https://cert.vde.com/en-us/advisories/vde-2020-025


4. Adobe Photoshop CC CVE-2020-9687 out-of-bounds write vulnerability


Adobe Photoshop CC contains an out-of-bounds write vulnerability. A remote attacker can exploit it by submitting a specially crafted request to cause a denial of service or execute arbitrary code in the context of the application.

https://helpx.adobe.com/security/products/photoshop/apsb20-45.html


5. HPE nagios plugin for iLO PHP code injection vulnerability


HPE nagios plugin for iLO contains an input validation vulnerability. A remote attacker can exploit it by submitting a specially crafted request to inject and execute arbitrary PHP code.

https://github.com/HewlettPackard/nagios-plugins-hpilo/commit/7617b2736a95c7f354198f092febe37e7005c677



> Overview of Major Security Events


1. Mozilla releases Thunderbird security update, fixing multiple serious vulnerabilities




Original link:

https://us-cert.cisa.gov/ncas/current-activity/2020/07/17/mozilla-releases-security-update-thunderbird


2. AvertX IP series cameras contain 3 vulnerabilities that can be exploited to launch brute-force attacks




Original link:

https://www.ehackingnews.com/2020/07/vulnerabilities-with-avertx-ip-security.html


3. Adobe releases emergency security update, fixing arbitrary code execution vulnerabilities in multiple products




Original link:

https://www.bleepingcomputer.com/news/security/adobe-photoshop-gets-fixes-for-critical-security-vulnerabilities/


4. Hackers use Google Cloud to launch phishing attacks and steal Office 365 credentials




Original link:

https://www.bleepingcomputer.com/news/security/phishing-campaign-uses-google-cloud-services-to-steal-office-365-logins/    


5. Cisco releases security updates, fixing a path traversal vulnerability in ASA and FTD




Original link:

https://us-cert.cisa.gov/ncas/current-activity/2020/07/23/cisco-releases-security-updates-asa-and-ftd-software