ÐÅÏ¢°²È«Öܱ¨-2020ÄêµÚ32ÖÜ

°ä²¼¹¦·ò 2020-08-10

> ±¾ÖÜ°²È«Ì¬ÊÆ×ÛÊö


2020Äê08ÔÂ03ÈÕÖÁ08ÔÂ09ÈÕ¹²ÊÕ¼°²È«·ì϶59¸ö£¬ÖµµÃ¹Ø×¢µÄÊÇAdvantech WebAccess HMI DesignerÏîÄ¿ÎļþÄÚ´æÃýÎóÒýÓ÷ì϶£»Geutebruck G-Cam OSºÅÁî×¢Èë·ì϶£»Cisco StarOS IPv6»º³åÇøÒç¶Âí½Å£»Cohesive Networks vns3:vpn OSºÅÁî×¢Èë·ì϶; Android Qualcomm×é¼þCVE-2020-11118´úÂëÖ´Ðзì϶¡£


±¾ÖÜÖµµÃ¹Ø×¢µÄÍøÂ簲ȫÊÂÎñÊÇ×êÑÐÈËÔ±·¢ÏÖHTTP/2 ÐÂÐͼÆʱ²àÐÅ·¹¥»÷·½Ê½£»NordPass³ÆÓÐÉÏÍò¸öÅäÖÃÃýÎóµÄÊý¾Ý¿âй¶100Òڱʼͼ£»ºÚ¿ÍÈëÇÖ2gether·þÎñÆ÷£¬ÇÔÈ¡¼ÛÖµ120ÍòÅ·ÔªµÄ¼ÓÃÜÇ®±Ò£»¿¨°Í˹»ù·¢ÏÖÒÁÀÊAPT×éÖ¯OilrigʹÓÃDoHÇÔÈ¡ÍøÂçÖÐÊý¾Ý£»Intel 20GBÔ´´úÂëºÍ»úÃÜÎļþй¶£¬Ä¿Ç°ÆðԴδ֪¡£


ƾ¾ÝÒÔÉÏ×ÛÊö£¬±¾ÖÜ°²È«ÍþвΪÖС£


³ÁÒª°²È«·ì϶Áбí


1.Advantech WebAccess HMI DesignerÏîÄ¿ÎļþÄÚ´æÃýÎóÒýÓ÷ì϶


Advantech WebAccess HMI Designer´¦ÖÃÏîÄ¿Îļþ´æÔÚÀàÐÍ»ìºÏ°²È«·ì϶£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÄܹ»ÀûÓ÷ì϶Ìá½»ÌØÊâµÄÎļþÒªÇ󣬿ÉʹÀûÓ÷¨Ê½±ÀÀ£»òÒÔÀûÓ÷¨Ê½¸ßµÍÎÄÖ´ÐÐËÁÒâ´úÂë¡£

https://us-cert.cisa.gov/ics/advisories/icsa-20-219-02


2. Geutebruck G-Cam OSºÅÁî×¢Èë·ì϶


GeutebruckG-Cam´æÔÚÊäÈëÑéÖ¤·ì϶£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÄܹ»ÀûÓ÷ì϶Ìá½»ÌØÊâµÄURLÒªÇó£¬Äܹ»ROOTȨÏÞÖ´ÐÐËÁÒâºÅÁî¡£

https://us-cert.cisa.gov/ics/advisories/icsa-20-219-03


3. Cisco StarOS IPv6»º³åÇøÒç¶Âí½Å


Cisco StarOS IPv6Á÷Á¿´¦ÖôæÔÚ»º³åÇøÒç¶Âí½Å£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÀûÓ÷ì϶Ìá½»ÌØÊâµÄIPv6Êý¾Ý°ü£¬½øÐлؾø·þÎñ¹¥»÷¡£

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-ipv6-dos-ce3zhF8m


4. Cohesive Networks vns3:vpn OSºÅÁî×¢Èë·ì϶


Cohesive Networks vns3:vpnÖÎÀí½çÃæ´æÔÚ°²È«·ì϶£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÄܹ»ÀûÓ÷ì϶Ìá½»ÌØÊâµÄÒªÇó£¬Äܹ»ÀûÓ÷¨Ê½¸ßµÍÎÄÖ´ÐÐËÁÒâºÅÁî¡£

https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2020-0007/FEYE-2020-0007.md


5. Android Qualcomm×é¼þCVE-2020-11118´úÂëÖ´Ðзì϶


Android Qualcomm×é¼þ´æÔÚ°²È«£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÄܹ»ÀûÓ÷ì϶Ìá½»ÌØÊâµÄÒªÇó£¬Äܹ»ÏµÍ³¸ßµÍÎÄÖ´ÐÐËÁÒâ´úÂë¡£

https://source.android.com/security/bulletin/2020-08-01


> ³ÁÒª°²È«ÊÂÎñ×ÛÊö


1¡¢×êÑÐÈËÔ±·¢ÏÖHTTP/2 ÐÂÐͼÆʱ²àÐÅ·¹¥»÷·½Ê½


GA»Æ½ð¼×¡¤(ÖйúÇø)¹Ù·½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://thehackernews.com/2020/07/http2-timing-side-channel-attacks.html


2¡¢NordPass³ÆÓÐÉÏÍò¸öÅäÖÃÃýÎóµÄÊý¾Ý¿âй¶100Òڱʼͼ


GA»Æ½ð¼×¡¤(ÖйúÇø)¹Ù·½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://www.welivesecurity.com/2020/07/30/10-billion-records-exposed-unsecured-databases/


3¡¢ºÚ¿ÍÈëÇÖ2gether·þÎñÆ÷£¬ÇÔÈ¡¼ÛÖµ120ÍòÅ·ÔªµÄ¼ÓÃÜÇ®±Ò


GA»Æ½ð¼×¡¤(ÖйúÇø)¹Ù·½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://securityaffairs.co/wordpress/106726/hacking/2gether-hacked.html


4¡¢¿¨°Í˹»ù·¢ÏÖÒÁÀÊAPT×éÖ¯OilrigʹÓÃDoHÇÔÈ¡ÍøÂçÖÐÊý¾Ý


GA»Æ½ð¼×¡¤(ÖйúÇø)¹Ù·½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/iranian-hacker-group-becomes-first-known-apt-to-weaponize-dns-over-https-doh/#ftag=RSSbaffb68  


5¡¢Intel 20GBÔ´´úÂëºÍ»úÃÜÎļþй¶£¬Ä¿Ç°ÆðԴδ֪


GA»Æ½ð¼×¡¤(ÖйúÇø)¹Ù·½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/intel-leak-20gb-of-source-code-internal-docs-from-alleged-breach/