ÐÅÏ¢Çå¾²Öܱ¨-2020ÄêµÚ08ÖÜ
Ðû²¼Ê±¼ä 2020-02-24> ±¾ÖÜÇå¾²Ì¬ÊÆ×ÛÊö
2020Äê02ÔÂ17ÈÕÖÁ23ÈÕ¹²ÊÕ¼Çå¾²Îó²î51¸ö£¬£¬ÖµµÃ¹Ø×¢µÄÊÇB&R Industrial Automation Automation Studio SNMPЧÀÍÊÚȨÎó²î; Apache Tomcat AJPconnectorÎļþ°üÀ¨Îó²î£»£»£»£»£»Adobe Media EncoderÔ½½çд´úÂëÖ´ÐÐÎó²î£»£»£»£»£»Cisco Enterprise NFV Infrastructure SoftwareÉý¼¶×é¼þÑéÖ¤Îó²î£»£»£»£»£»Ansible pipe lookup²å¼þí§ÒâÏÂÁîÖ´ÐÐÎó²î¡£¡£¡£¡£¡£¡£
±¾ÖÜÖµµÃ¹Ø×¢µÄÍøÂçÇå¾²ÊÂÎñÊÇÖйúÈËÃñÒøÐÐÐû²¼2020°æ¡¶ÍøÉÏÒøÐÐϵͳÐÅÏ¢Ç徲ͨÓù淶¡·£»£»£»£»£»Apache TomcatÎļþ°üÀ¨Îó²î£¨CVE-2020-1938£©£»£»£»£»£»Çå¾²Ñо¿Ö°Ô±Åû¶΢Èí¶à¸ö×ÓÓòÃû±»Ð®ÖÆÎÊÌ⣻£»£»£»£»ÃÀ¹ú×ÔÈ»Æø¹ÜµÀÔËÓªÉÌÔâµ½ÀÕË÷Èí¼þ¹¥»÷£»£»£»£»£»ÒÁÀʺڿÍʹÓÃVPNÈí¼þÎó²î¹¥»÷È«ÇòµÄÆóÒµºÍÕþ¸®»ú¹¹¡£¡£¡£¡£¡£¡£
ƾ֤ÒÔÉÏ×ÛÊö£¬£¬±¾ÖÜÇå¾²ÍþвΪÖС£¡£¡£¡£¡£¡£
>Ö÷ÒªÇå¾²Îó²îÁбí
1. B&R Industrial Automation Automation Studio SNMPЧÀÍÊÚȨÎó²î
B&R Industrial Automation Automation Studio SNMPЧÀͱ£´æÇå¾²Îó²î£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬¿ÉÐÞ¸ÄЧÀÍÉèÖᣡ£¡£¡£¡£¡£
https://www.us-cert.gov/ics/advisories/icsa-20-051-01
2. Apache Tomcat AJPconnectorÎļþ°üÀ¨Îó²î
Apache Tomcat AJPconnector±£´æÊµÏÖȱÏݵ¼ÖÂÏà¹Ø²ÎÊý¿É¿Ø£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬¿É¶ÁȡϵͳÎļþ»òÖ´ÐÐí§Òâ´úÂë¡£¡£¡£¡£¡£¡£
https://mp.weixin.qq.com/s/qIG_z9imxdLUobviSv7knw
3. Adobe Media EncoderÔ½½çд´úÂëÖ´ÐÐÎó²î
Adobe Media Encoder´¦Öóͷ£Îļþ±£´æ»º³åÇøÒç³öÎó²î£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÎļþÇëÇ󣬣¬ÓÕʹÓÃÓÚÆÊÎö£¬£¬¿ÉʹӦÓóÌÐòÍ߽⻣»£»£»£»òÖ´ÐÐí§Òâ´úÂë¡£¡£¡£¡£¡£¡£
https://helpx.adobe.com/security/products/media-encoder/apsb20-10.html
4. Cisco Enterprise NFV Infrastructure SoftwareÉý¼¶×é¼þÑéÖ¤Îó²î
Cisco Enterprise NFV Infrastructure SoftwareÉý¼¶×é¼þ±£´æÇå¾²Îó²î£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬Éý¼¶¶ñÒâ¹Ì¼þ£¬£¬Ö´ÐÐí§Òâ´úÂë¡£¡£¡£¡£¡£¡£
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-codex-shs4NhvS
5. Ansible pipe lookup²å¼þí§ÒâÏÂÁîÖ´ÐÐÎó²î
Ansible pipe lookup²å¼þsubprocess.Popen()±£´æÇå¾²Îó²î£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬¿ÉÖ´ÐÐí§ÒâÏÂÁî¡£¡£¡£¡£¡£¡£
https://access.redhat.com/security/cve/cve-2020-1734
> Ö÷ÒªÇå¾²ÊÂÎñ×ÛÊö
1¡¢ÖйúÈËÃñÒøÐÐÐû²¼2020°æ¡¶ÍøÉÏÒøÐÐϵͳÐÅÏ¢Ç徲ͨÓù淶¡·
ÖйúÈËÃñÒøÐÐÏ·¢¡¶¹ØÓÚ<ÍøÉÏÒøÐÐϵͳÐÅÏ¢Ç徲ͨÓù淶>ÐÐÒµ±ê×¼µÄ֪ͨ¡·£¨Òø·¢[2020]35ºÅ£©£¬£¬Ðû²¼ÐÂ°æ¡¶ÍøÉÏÒøÐÐϵͳÐÅÏ¢Ç徲ͨÓù淶¡·(JR/T 0068-2020)£¬£¬¸Ã°æ±¾ÊÇ2012°æ¹æ·¶(JR/T 0068-2012)µÄÌæ»»ÐÞ¶©°æ±¾¡£¡£¡£¡£¡£¡£ÐÂ°æ¹æ·¶ÓÐÈý¸öÖØµãÐÞ¶©ÄÚÈÝ£º1¡¢Õë¶ÔÐÂÊÖÒÕ·ºÆðºÍÓ¦ÓÃÌá³öÁËеÄÇå¾²ÒªÇó£¨ÀýÈçÔöÌíÁËÐéÄ⻯¡¢ÔÆÅÌËãÇå¾²Ïà¹ØÒªÇ󣬣¬ÔöÌí¹úÃÜSMϵÁÐËã·¨Ïà¹ØµÄÇå¾²ÒªÇ󣬣¬ÔöÌí¶ÔÇå¾²µ¥Î»ºÍÒÆ¶¯ÖÕ¶ËÖ§¸¶¿ÉÐÅÇéÐÎÏà¹ØÒªÇ󣩣»£»£»£»£»2¡¢¾ÍеÄÓªÒµºÍî¿ÏµÒªÇó¾ÙÐÐÁËÔö²¹ºÍÃ÷È·£¨ÀýÈçÔöÌíÁËÌõÂëÖ§¸¶¡¢ÉúÒâÇå¾²ËøºÍ¢ò¡¢¢óÀàÕË»§µÄÏà¹ØÒªÇ󣩣»£»£»£»£»3¡¢ÖØÐÂÊáÀí²¢ÌáÉý¹ØÓÚÓªÒµÒ»Á¬ÐÔÓëÔÖÄѻָ´¡¢Çå¾²ÊÂÎñÓëÓ¦¼±ÏìÓ¦µÄÇå¾²ÒªÇ󡣡£¡£¡£¡£¡£
ÔÎÄÁ´½Ó£º
https://www.cebnet.com.cn/20200219/102639904.html
2¡¢Apache TomcatÎļþ°üÀ¨Îó²î£¨CVE-2020-1938£©
Apache TomcatЧÀÍÆ÷±£´æÎļþ°üÀ¨Îó²î£¨CVE-2020-1938£©£¬£¬¹¥»÷Õß¿ÉʹÓøÃÎó²î¶ÁÈ¡»ò°üÀ¨TomcatÉÏËùÓÐwebappĿ¼ÏµÄí§ÒâÎļþ£¬£¬È磺webappÉèÖÃÎļþ»òÔ´´úÂëµÈ¡£¡£¡£¡£¡£¡£¸ÃÎó²îÓëTomcat AJPÐÒéÓйأ¬£¬Tomcat AJP ConnectorĬÈÏÉèÖÃϼ´Îª¿ªÆô״̬£¬£¬²¢ÇÒ¼àÌý¶Ë¿Ú8009¡£¡£¡£¡£¡£¡£¸ÃÎó²îÓ°ÏìÁËTomcat 6/7/8/9È«°æ±¾£¬£¬Apache¹Ù·½ÒÑÐû²¼9.0.31¡¢8.5.51¼°7.0.100°æ±¾Õë¶Ô´ËÎó²î¾ÙÐÐÐÞ¸´£¬£¬½¨ÒéÓû§ÏÂÔØÊ¹Óᣡ£¡£¡£¡£¡£ÓÉÓÚTomcat 6ÒѾ×èֹά»¤£¬£¬½¨ÒéÓû§Éý¼¶µ½×îÐÂÊÜÖ§³ÖµÄTomcat°æ±¾ÒÔÃâÔâÊܹ¥»÷¡£¡£¡£¡£¡£¡£
ÔÎÄÁ´½Ó£º
https://www.cnvd.org.cn/flaw/show/CNVD-2020-10487
3¡¢Çå¾²Ñо¿Ö°Ô±Åû¶΢Èí¶à¸ö×ÓÓòÃû±»Ð®ÖÆÎÊÌâ
NIC.gpÇå¾²Ñо¿Ô±Michel GaschetÖ¸³ö΢Èí±£´æ¶à¸ö×ÓÓòÃûÐ®ÖÆÎÊÌ⣬£¬ÕâЩ×ÓÓòÃû¿ÉÄܱ»Ð®ÖƺÍÓÃÓÚ¹¥»÷Óû§¡¢Ô±¹¤»òÏÔʾÀ¬»øÄÚÈÝ¡£¡£¡£¡£¡£¡£ÔÚÒÑÍùÈýÄêÖУ¬£¬GaschetÒ»Ö±ÔÚÏò΢Èí±¨¸æ´øÓйýʧÉèÖõÄDNS¼Í¼µÄ×ÓÓòÃû£¬£¬ÀýÈç2017ÄêËû±¨¸æÁË21¸öÒ×±»Ð®ÖƵÄmsn.com×ÓÓòÃû£¬£¬2019ÄêËûÓÖ±¨¸æÁË142¸öÉèÖùýʧµÄmicrosoft.com×ÓÓòÃû£¬£¬µ«Î¢Èí½öÐÞ¸´ÁËÆäÖÐ5£¥µ½10£¥µÄ×ÓÓòÃû¡£¡£¡£¡£¡£¡£Gaschet»¹Ö¸³öËûÖÁÉÙÔÚ4¸öÕýµ±µÄ΢Èí×ÓÓòÖз¢Ã÷ÁËÓ¡¶ÈÄáÎ÷ÑÇÆË¿Ë¶Ä³¡µÄ¹ã¸æ£¬£¬°üÀ¨portal.ds.microsoft.com¡¢perfect10.microsoft.com¡¢ies.global.microsoft.comºÍblog-ambassadors.microsoft.com¡£¡£¡£¡£¡£¡£
ÔÎÄÁ´½Ó£º
https://www.zdnet.com/article/microsoft-has-a-subdomain-hijacking-problem/
4¡¢ÃÀ¹ú×ÔÈ»Æø¹ÜµÀÔËÓªÉÌÔâµ½ÀÕË÷Èí¼þ¹¥»÷
ƾ֤ÃÀ¹úÁìÍÁÇå¾²²¿ÍøÂçÇå¾²ºÍ»ù´¡ÉèÊ©Çå¾²¾Ö£¨DHS CISA£©Ðû²¼µÄת´ï£¬£¬Ò»¼Òδǩ×ÖµÄÃÀ¹ú×ÔÈ»ÆøÑ¹Ëõ¹¤³§ÔâÀÕË÷Èí¼þ¹¥»÷£¬£¬µ¼ÖÂÔËÓªÖÐÖ¹ÁËÁ½ÌìµÄʱ¼ä¡£¡£¡£¡£¡£¡£CISAÌåÏÖ¹¥»÷ÕßÊ×ÏÈʹÓô¹ÂÚÁ´½Ó»ñµÃÁ˶ԸÃ×éÖ¯ITÍøÂçµÄ»á¼û£¬£¬È»ºóתÏòÆäOTÍøÂç²¢°²ÅÅÁËÉÌÓÃÀÕË÷Èí¼þ¡£¡£¡£¡£¡£¡£¸ÃÈí¼þͬʱÔÚITºÍOTÍøÂçÉ϶Թ«Ë¾µÄÊý¾Ý¾ÙÐмÓÃÜ£¬£¬ÒÔ×îºéÁ÷ƽµØÆÆËðÆóÒµ£¬£¬È»ºó²ÅÒªÇóÖ§¸¶Êê½ð¡£¡£¡£¡£¡£¡£¸ÃÀÕË÷Èí¼þ²¢Î´Ó°ÏìÈκÎPLC£¬£¬µ«ÈËÀà²Ù×÷Ô±ÎÞ·¨»ã×ܺͶÁÈ¡Ïà¹Ø¹¤ÒµÀú³ÌÖеÄÊý¾Ý£¬£¬ÀýÈçHMI¡¢Êý¾ÝÀúÊ·¼Í¼ºÍÂÖѯЧÀÍÆ÷£¬£¬´Ó¶øµ¼ÖÂÔ±¹¤ÎÞ·¨ÕÆÎչܵÀÉèÊ©µÄÔËÐÐÇéÐΡ£¡£¡£¡£¡£¡£¹ÜµÀÔËÓªÉÌʵÑéÁË¡°ÓÐÍýÏëµÄ¡¢ÊܿصĹرա±²½·¥£¬£¬ÒÔÔ¤·À²¢×èÖ¹ÈκÎÊÂÎñµÄ±¬·¢¡£¡£¡£¡£¡£¡£CISAÌåÏÖÔËÓªÖÐÖ¹Ò»Á¬ÁËÔ¼Á½Ì죬£¬È»ºó»Ö¸´ÁËÕý³£ÔË×÷¡£¡£¡£¡£¡£¡£CISAûÓÐ͸¶ÀÕË÷Èí¼þµÄÃû³Æ¡£¡£¡£¡£¡£¡£
ÔÎÄÁ´½Ó£º
https://www.zdnet.com/article/dhs-says-ransomware-hit-us-gas-pipeline-operator/
5¡¢ÒÁÀʺڿÍʹÓÃVPNÈí¼þÎó²î¹¥»÷È«ÇòµÄÆóÒµºÍÕþ¸®»ú¹¹
ƾ֤Çå¾²³§ÉÌClearSkyµÄÒ»·Ý±¨¸æ£¬£¬ÒÁÀʺڿÍÒ»Ö±ÔÚʹÓÃVPNÈí¼þÖеÄÎó²îÔÚÌìϸ÷µØµÄ¹«Ë¾ÖÐÖ²ÈëºóÃÅ£¬£¬ÆäÄ¿µÄº¸ÇIT¡¢µçÐÅ¡¢Ê¯ÓͺÍ×ÔÈ»Æø¡¢º½¿Õ¡¢Çå¾²ÁìÓòµÄ¹«Ë¾ºÍÕþ¸®»ú¹¹¡£¡£¡£¡£¡£¡£ÒÁÀʺڿÍÒѽ«Pulse Secure¡¢Fortinet¡¢Palo Alto NetworksºÍCitrixµÄVPN¶¨Î»ÎªÈëÇÖ´óÐ͹«Ë¾µÄ¹¤¾ß£¬£¬ÆäʹÓõÄÎó²î°üÀ¨Pulse Secure VPN(CVE-2019-11510)¡¢Fortinet FortiOS VPN(CVE-2018-13379)¡¢Palo Alto Networks VPN(CVE-2019-1579)ÒÔ¼°Citrix VPN(CVE-2019-19781)µÈ¡£¡£¡£¡£¡£¡£¶ÔÕâЩϵͳµÄ¹¥»÷ʼÓÚÈ¥ÄêÑ×Ì죬£¬µ«µ½2020ÄêÕâÖÖ¹¥»÷ÈÔÔÚ¼ÌÐø¡£¡£¡£¡£¡£¡£ClearSky±¨¸æÇ¿µ÷£¬£¬¶ÔÈ«ÇòVPNЧÀÍÆ÷µÄ¹¥»÷ËÆºõÊÇÖÁÉÙÈý¸öÒÁÀʺڿÍ×éÖ¯µÄÊÂÇ飬£¬°üÀ¨APT33¡¢APT34ºÍAPT39¡£¡£¡£¡£¡£¡£
ÔÎÄÁ´½Ó£º
https://www.zdnet.com/article/iranian-hackers-have-been-hacking-vpn-servers-to-plant-backdoors-in-companies-around-the-world/