ÐÅÏ¢°²È«Öܱ¨-2020ÄêµÚ23ÖÜ

°ä²¼¹¦·ò 2020-06-09

> ±¾Öܰ²È«Ì¬ÊÆ×ÛÊö


2020Äê06ÔÂ01ÈÕÖÁ06ÔÂ07ÈÕ¹²ÊÕ¼°²È«·ì϶79¸ö £¬ÖµµÃ¹Ø×¢µÄÊÇZoom Client´¦Öö¯»­GIFÐÂÎÅõè¾¶±éÀú·ì϶ £»Cisco 829 Industrial Integrated Services Routers»º³åÇøÒç¶Âí½Å £»NEC ESMPRO Manager RMI·´ÐòÁл¯´úÂëÖ´Ðзì϶ £»IBM WebSphere Application Server Network DeploymentÔ¶³Ì´úÂëÖ´Ðзì϶ £»Docker EngineÖÐÑëÈ˹¥»÷·ì϶¡£


±¾ÖÜÖµµÃ¹Ø×¢µÄÍøÂ簲ȫÊÂÎñÊǶíÂÞ˹ºÚ¿Í¹¥»÷²¨À¼µ±¾Ö»ú¹¹ £¬°ä²¼Óйر±Ô¼ÑÝϰÐéαÐÅÏ¢ £»ÊÓÆµ¼ô¼­ÀûÓÃVivaVideo»òΪ¼äµýÈí¼þ £¬Ó°Ï쳬¹ý1.57ÒÚÓû§ £»Ó¡¶ÈÖ§¸¶ÀûÓÃBHIMÒòÅäÖÃÃýÎó £¬Ð¹Â¶Êý°ÙÍòÓû§ÐÅÏ¢ £»DopplePaymer°µÊ¾Òѳɹ¦ÈëÇÖDMI²¢ÇÔÈ¡NASAµÄÓйØÎļþ £»Mozilla°ä²¼Firefox°²È«¸üР£¬½¨¸´¶à¸öËÁÒâ´úÂëÖ´Ðзì϶¡£


ƾ¾ÝÒÔÉÏ×ÛÊö £¬±¾Öܰ²È«ÍþвΪÖС£



>³ÁÒª°²È«·ì϶Áбí


1.Zoom Client´¦Öö¯»­GIFÐÂÎÅõè¾¶±éÀú·ì϶


Zoom Client´¦ÖÃÔ̺¬¶¯»­GIFµÄÐÂÎÅ´æÔÚĿ¼±éÀú·ì϶ £¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÀûÓ÷ì϶Ìá½»ÌØÊâµÄÐÂÎÅÒªÇó £¬Äܹ»Ö¸±êÓû§¸ßµÍÎÄÖ´ÐÐËÁÒâ´úÂë £¬»òÕû¸ö×éÓû§ÊÜÓ°Ïì¡£

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1055


2. Cisco 829 Industrial Integrated Services Routers»º³åÇøÒç¶Âí½Å


Cisco 829 Industrial Integrated Services RoutersÖÎÀíinter-VMÐźŴæÔÚ°²È«·ì϶ £¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÀûÓ÷ì϶Ìá½»ÌØÊâµÄÒªÇó £¬¿ÉʹÀûÓ÷¨Ê½±ÀÀ £»òÕßÄܹ»ÀûÓ÷¨Ê½¸ßµÍÎÄÖ´ÐÐËÁÒâ´úÂë¡£

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-rce-xYRSeMNH


3. NEC ESMPRO Manager RMI·´ÐòÁл¯´úÂëÖ´Ðзì϶


NEC ESMPRO Manager RMI·þÎñ´æÔÚÊäÈëÑéÖ¤·ì϶ £¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÄܹ»ÀûÓ÷ì϶Ìá½»ÌØÊâµÄÒªÇó £¬Äܹ»ÀûÓ÷¨Ê½¸ßµÍÎÄÖ´ÐÐËÁÒâ´úÂë¡£

https://www.zerodayinitiative.com/advisories/ZDI-20-684/


4. IBM WebSphere Application Server Network DeploymentÔ¶³Ì´úÂëÖ´Ðзì϶


IBM WebSphere Application Server Network Deployment´æÔÚδÃ÷°²È«·ì϶ £¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÄܹ»ÀûÓ÷ì϶Ìá½»ÌØÊâµÄÒªÇó £¬Äܹ»ÀûÓ÷¨Ê½¸ßµÍÎÄÖ´ÐÐËÁÒâ´úÂë¡£

https://www.ibm.com/blogs/psirt/security-bulletin-remote-code-execution-vulnerability-in-websphere-application-server-nd-cve-2020-4448/


5. Docker EngineÖÐÑëÈ˹¥»÷·ì϶


Docker EngineËù´´½¨µÄÍøÂçÏνӻáĬÈϽӹÜIPv6·ÓÉÆ÷¹«¸æ £¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÄܹ»ÀûÓ÷ì϶Ìá½»ÌØÊâµÄÒªÇó £¬¿É½øÐÐÖÐÑëÈ˹¥»÷ £¬¿É»ñÈ¡Ãô¸ÐÐÅÏ¢¡£

https://github.com/docker/docker-ce/releases/v19.03.11



> ³ÁÒª°²È«ÊÂÎñ×ÛÊö


1¡¢¶íÂÞ˹ºÚ¿Í¹¥»÷²¨À¼µ±¾Ö»ú¹¹ £¬°ä²¼Óйر±Ô¼ÑÝϰÐéαÐÅÏ¢


28Ȧ-28Ȧ¹Ù·½ÍøÕ¾-ÏàÐÅÆ·ÅƵÄÁ¦Á¿


Ô­ÎÄÁ´½Ó£º

https://www.ehackingnews.com/2020/05/russian-hackers-attacked-poland-due-to.html


2¡¢ÊÓÆµ¼ô¼­ÀûÓÃVivaVideo»òΪ¼äµýÈí¼þ £¬Ó°Ï쳬¹ý1.57ÒÚÓû§


28Ȧ-28Ȧ¹Ù·½ÍøÕ¾-ÏàÐÅÆ·ÅƵÄÁ¦Á¿


Ô­ÎÄÁ´½Ó£º

https://latesthackingnews.com/2020/05/31/vivavideo-and-other-apps-with-over-157-million-installs-spy-on-users/


3¡¢Ó¡¶ÈÖ§¸¶ÀûÓÃBHIMÒòÅäÖÃÃýÎó £¬Ð¹Â¶Êý°ÙÍòÓû§ÐÅÏ¢


28Ȧ-28Ȧ¹Ù·½ÍøÕ¾-ÏàÐÅÆ·ÅƵÄÁ¦Á¿


Ô­ÎÄÁ´½Ó£º

https://www.infosecurity-magazine.com/news/indian-payment-app-bhim-data-breach/


4¡¢DopplePaymer°µÊ¾Òѳɹ¦ÈëÇÖDMI²¢ÇÔÈ¡NASAµÄÓйØÎļþ


28Ȧ-28Ȧ¹Ù·½ÍøÕ¾-ÏàÐÅÆ·ÅƵÄÁ¦Á¿


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/ransomware-gang-says-it-breached-one-of-nasas-it-contractors/


5¡¢Mozilla°ä²¼Firefox°²È«¸üР£¬½¨¸´¶à¸öËÁÒâ´úÂëÖ´Ðзì϶


28Ȧ-28Ȧ¹Ù·½ÍøÕ¾-ÏàÐÅÆ·ÅƵÄÁ¦Á¿


Ô­ÎÄÁ´½Ó£º

https://www.theregister.com/2020/06/04/firefox_77_security_fixes/