绿盟科技网络安全威胁周报及月报系列,旨在简单而快速有效的传递安全威胁态势,呈现重点安全漏洞、安全事件、安全技术。
一. 互联网安全威胁态势
1.1 CVE统计
最近一周CVE公告总数与前期相比明显回落。
1.2 威胁信息回顾
-
- 标题:Android Flaw Lets Attackers Capture Screen and Record Audio
- 时间:2017-11-20
- 摘要:If your Android smartphone has Lolipop, Nougat or Marshmallow, then there is every reason for you to feel alarmed because the MediaProjection service can be exploited due to a critical flaw. The service is designed to capture user’s screen and record system audio. Since a majority of Android devices nowadays have these three versions of the OS, therefore, around 77.5% of the Android devices are at risk.
- 链接:https://www.hackread.com/android-flaw-lets-attacker-capture-screen-record-audio/
- 标题:Intel Firmware Vulnerability
- 时间:2017-11-21
- 摘要:Intel has released recommendations to address vulnerabilities in the firmware of the following Intel products: Management Engine, Server Platform Services, and Trusted Execution Engine. An attacker could exploit some of these vulnerabilities to take control of an affected system.
- 链接:https://www.us-cert.gov/ncas/current-activity/2017/11/21/Intel-Firmware-Vulnerability
- 标题:Android Flaw Lets Attackers Capture Screen and Record Audio
-
- 标题:US-CERT WARNS OF ASLR IMPLEMENTATION FLAW IN WINDOWS
- 时间:2017-11-20
- 摘要:The U.S. Computer Emergency Readiness Team is warning of a vulnerability in Microsoft’s implementation of Address Space Layout Randomization that affects Windows 8, Windows 8.1 and Windows 10. The vulnerability could allow a remote attacker to take control of an affected system.
- 链接:https://threatpost.com/us-cert-warns-of-aslr-implementation-flaw-in-windows/128948/
- 标题:Uber Paid Hackers $100k to Hide Massive Theft of 75M Accounts
- 时间:2017-11-22
- 摘要:It’s surprising to some and shocking to many. Despite a rough phase that the US-based ride-hailing service has been passing through amidst allegations of sexual harassment, federal criminal probes, and trade secrets theft lawsuit, we did believe in the legitimacy of Uber as a service provider. However, Bloomberg has burst the bubble for Uber users. According to its report, Uber Technologies Inc. paid off $100,000 to hackers for hiding the massive data breach which exposed private details of around 75 million Uber accounts.
- 链接:https://www.hackread.com/uber-paid-hackers-to-hide-massive-theft-of-75m-accounts/
- 标题:US-CERT WARNS OF ASLR IMPLEMENTATION FLAW IN WINDOWS
-
- 标题:Flaw in F5 Products Allows Recovery of Encrypted Data
- 时间:2017-11-20
- 摘要:A crypto vulnerability affecting some F5 Networks products can be exploited by a remote attacker for recovering encrypted data and launching man-in-the-middle (MitM) attacks, the company told customers on Friday.
- 链接:http://www.securityweek.com/flaw-f5-products-allows-recovery-encrypted-data?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29
- 标题:Global Cyber Alliance launched the Quad9 DNS service to secure your online experience
- 时间:2017-11-20
- 摘要:Global Cyber Alliance launched the Quad9 DNS service, the free DNS service to secure your online experience and protect your privacy.
- 链接:http://securityaffairs.co/wordpress/65777/security/quad9-dns-service.html
- 标题:Flaw in F5 Products Allows Recovery of Encrypted Data
- 标题:Experts found a way to exploit HP Enterprise printers to hack into company networks
- 时间:2017-11-22
- 摘要:Researchers at FoxGlove Security have found a potentially serious remote code execution vulnerability in some of HP’s enterprise printers.
- 链接:http://securityaffairs.co/wordpress/65892/hacking/hp-printers-hacking.html
- 标题:ProtonMail Contacts – ProtonMail launches world’s first encrypted contacts manager
- 时间:2017-11-22
- 摘要:ProtonMail launched ProtonMail Contacts, the world’s first contact manager with both zero-access encryption and digital signature verification
- 链接:http://securityaffairs.co/wordpress/65884/digital-id/protonmail-contacts.html
- 标题:OpenStack Swauth爆出身份验证绕过漏洞CVE-2017-16613 可未授权操作
- 时间:2017-11-23
- 摘要:OpenStack Swauth爆出 身份验证绕过漏洞 ,CVEID为CVE-2017-16613 ,攻击者可以利用此问题绕过身份验证机制并执行未经授权的操作。这可能有助于进一步攻击。受影响产品包括OpenStack swauth 1.2.0、OpenStack swauth 1.1.0
- 链接:http://toutiao.secjia.com/openstack-abypass-cve-2017-16613
- 标题:Samba任意代码执行漏洞CVE-2017-14746 可执行任意代码 失败了还可DoS
- 时间:2017-11-22
- 摘要:Samba又爆出 任意代码执行漏洞 ,CVEID CVE-2017-14746。允许攻击者在受影响的应用程序上下文中执行任意代码。失败的攻击将导致拒绝服务条件。只有Samba Samba 4.7.3 、Samba Samba 4.6.11 、Samba Samba 4.5.15 不受影响
- 链接:http://toutiao.secjia.com/samba-ace-cve-2017-14746
- 标题:加密货币Tether公司被黑客攻击 价值3100万美元代币被窃
- 时间:2017-11-22
- 摘要:北京时间21日彭博称,比特币创一周最大跌幅,加密货币Tether公司网站周二发布的一则公告, 这些代币于11月19日从Tether Treasury钱包被盗,被发送到了一个未经授权的比特币地址。 该公司表示,不会赎回被盗的代币,不过正在试图阻止被盗数字货币进入他们的代币生态系统。
- 链接:http://toutiao.secjia.com/tether-hacked
- 标题:Curing The Security Sickness in Medical Devices
- 时间:2017-11-22
- 摘要:Just as the rapid development of the Internet of Things (IoT) has transformed traditional industries and service sectors, it is also having a great impact in the world of healthcare. It’s easy to argue, in fact, that no area is being transformed by digital technologies as rapidly or with as many benefits for society as new medical technologies.
- 链接:http://www.securityweek.com/curing-security-sickness-medical-devices?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29
- 标题:工信部发布《公共互联网网络安全突发事件应急预案》工信部网安(2017)281号
- 时间:2017-11-23
- 摘要:11月23日下午消息,工业和信息化部今日印发《公共互联网网络安全突发事件应急预案》。要求部应急办和各省(自治区、直辖市)通信管理局应当及时汇总分析突发事件隐患和预警信息,发布预警信息时,应当包括预警级别、起始时间、可能的影响范围和造成的危害、应采取的防范措施、时限要求和发布机关等,并公布咨询电话。
- 链接:http://toutiao.secjia.com/internet-security-emergency-plan
- 标题:拧紧保护学生个人信息这根弦 严禁公示个人敏感信息
- 时间:2017-11-23
- 摘要:20日,安全加转载 多地高校国家奖学金名单公示,泄露学生个人信息包括身份证号码 。很多人不以为然,表示“学校历来如此,还要你搞技术的提醒?”但教育部还是重视学生 个人数据泄露这个事情的。
- 链接:http://toutiao.secjia.com/moe-protects-students-privacy
(数据来源:绿盟科技 威胁情报与网络安全实验室 收集整理)
二. 漏洞研究
2.1 漏洞库统计
截止到2017年11月24日,绿盟科技漏洞库已收录总条目达到38088条。本周新增漏洞记录50条,其中高危漏洞数量16条,中危漏洞数量21条,低危漏洞数量13条。
- Node.js 拒绝服务漏洞(CVE-2017-14919)
- 危险等级:中
- BID:101881
- cve编号:CVE-2017-14919
- Libav smacker_decode_tree函数拒绝服务漏洞(CVE-2017-16803)
- 危险等级:中
- BID:101882
- cve编号:CVE-2017-16803
- Cisco Umbrella Insights Virtual Appliance本地权限提升漏洞(CVE-2017-12350)
- 危险等级:中
- BID:101879
- cve编号:CVE-2017-12350
- Linux kernel本地拒绝服务漏洞(CVE-2017-15115)
- 危险等级:低
- BID:101877
- cve编号:CVE-2017-15115
- Apache Camel反序列化远程代码执行漏洞(CVE-2017-12634)
- 危险等级:中
- BID:101876
- cve编号:CVE-2017-12634
- Oracle Tuxedo远程安全漏洞(CVE-2017-10267)
- 危险等级:高
- BID:101875
- cve编号:CVE-2017-10267
- Oracle Tuxedo远程安全漏洞(CVE-2017-10272)
- 危险等级:高
- BID:101871
- cve编号:CVE-2017-10272
- Oracle Tuxedo远程安全漏洞(CVE-2017-10278)
- 危险等级:高
- BID:101870
- cve编号:CVE-2017-10278
- Apache Karaf本地拒绝服务漏洞(CVE-2014-0219)
- 危险等级:中
- BID:101872
- cve编号:CVE-2014-0219
- Apache Camel反序列化远程代码执行漏洞(CVE-2017-12633)
- 危险等级:中
- BID:101874
- cve编号:CVE-2017-12633
- Apache CouchDB远程权限提升漏洞(CVE-2017-12635)
- 危险等级:高
- BID:101868
- cve编号:CVE-2017-12635
- FreeBSD 本地权限提升漏洞(CVE-2017-1087)
- 危险等级:低
- BID:101867
- cve编号:CVE-2017-1087
- IBM Business Process Manager拒绝服务漏洞(CVE-2017-1628)
- 危险等级:低
- BID:101900
- cve编号:CVE-2017-1628
- FreeBSD 本地信息泄露漏洞(CVE-2017-1086)
- 危险等级:低
- BID:101861
- cve编号:CVE-2017-1086
- Cisco IOS/IOS XE Software跨站脚本漏洞(CVE-2017-12304)
- 危险等级:中
- BID:101856
- cve编号:CVE-2017-12304
- Cisco IP Phone 8800 Series本地命令注入漏洞(CVE-2017-12305)
- 危险等级:中
- BID:101869
- cve编号:CVE-2017-12305
- Node.js ejs ‘ejs.renderFile()’函数远程代码执行漏洞(CVE-2017-1000228)
- 危险等级:中
- BID:101897
- cve编号:CVE-2017-1000228
- OpenSAML DynamicMetadataProvider类安全功能绕过漏洞(CVE-2017-16853)
- 危险等级:低
- BID:101898
- cve编号:CVE-2017-16853
- Cisco FindIT Discovery Utility不安全库加载漏洞(CVE-2017-12314)
- 危险等级:中
- BID:101896
- cve编号:CVE-2017-12314
- Symantec Management Console目录遍历漏洞(CVE-2017-15527)
- 危险等级:低
- BID:101743
- cve编号:CVE-2017-15527
- Cisco Network Analysis Module Software目录遍历漏洞(CVE-2017-12285)
- 危险等级:中
- BID:101527
- cve编号:CVE-2017-12285
- IBM Rational DOORS Next Generation多个跨站脚本漏洞
- 危险等级:中
- BID:101895
- cve编号:CVE-2017-1593,CVE-2017-1546,CVE-2017-1560,CVE-2017-1678,CVE-2017-1461
- IBM WebSphere Commerce信息泄露漏洞(CVE-2017-1484)
- 危险等级:中
- BID:101894
- cve编号:CVE-2017-1484
- Node.js ejs ‘ejs.renderFile()’函数拒绝服务漏洞(CVE-2017-1000189)
- 危险等级:中
- BID:101893
- cve编号:CVE-2017-1000189
- Varnish Cache信息泄露漏洞(CVE-2017-8807)
- 危险等级:中
- BID:101886
- cve编号:CVE-2017-8807
- Fortinet Fortiweb HTML注入漏洞(CVE-2017-7736)
- 危险等级:中
- BID:101916
- cve编号:CVE-2017-7736
- Cisco ASA Next-Generation Firewall Services远程安全限制绕过漏洞(CVE-2017-12299)
- 危险等级:中
- BID:101915
- cve编号:CVE-2017-12299
- Symantec Norton Security for Mac证书欺骗洞(CVE-2017-15528)
- 危险等级:低
- BID:101796
- cve编号:CVE-2017-15528
- Moodle信息泄露漏洞(CVE-2017-15110)
- 危险等级:低
- BID:101909
- cve编号:CVE-2017-15110
- Linux kernel ‘block/bio.c’本地信息泄露漏洞(CVE-2017-12190)
- 危险等级:低
- BID:101911
- cve编号:CVE-2017-12190
- Cisco Spark Board签名验证绕过漏洞(CVE-2017-12306)
- 危险等级:中
- BID:101914
- cve编号:CVE-2017-12306
- Samba 信息泄露漏洞(CVE-2017-15275)
- 危险等级:高
- BID:101908
- cve编号:CVE-2017-15275
- Cisco HyperFlex System本地信息泄露骗洞(CVE-2017-12315)
- 危险等级:中
- BID:101864
- cve编号:CVE-2017-12315
- IBM Tivoli Monitoring任意代码执行漏洞(CVE-2017-1635)
- 危险等级:中
- BID:101905
- cve编号:CVE-2017-1635
- Samba 任意代码执行洞(CVE-2017-14746)
- 危险等级:高
- BID:101907
- cve编号:CVE-2017-14746
- VMware多个产品本地任意代码执行漏洞(CVE-2017-4935)
- 危险等级:高
- BID:101902
- cve编号:CVE-2017-4935
- VMware多个产品本地堆缓冲区溢出漏洞(CVE-2017-4934)
- 危险等级:高
- BID:101903
- cve编号:CVE-2017-4934
- libbpg ‘cudata.cpp’空指针间接引用拒绝服务漏洞(CVE-2017-13135)
- 危险等级:低
- BID:101929
- cve编号:CVE-2017-13135
- Intel Manageability Engine本地权限提升漏洞(CVE-2017-5708)
- 危险等级:高
- BID:101921
- cve编号:CVE-2017-5708
- Intel Manageability Engine本地缓冲区溢出漏洞(CVE-2017-5705)
- 危险等级:高
- BID:101917
- cve编号:CVE-2017-5705
- Intel Manageability Engine多个本地缓冲区溢出漏洞(CVE-2017-5706)
- 危险等级:高
- cve编号:CVE-2017-5706
- Intel Manageability Engine远程缓冲区溢出漏洞(CVE-2017-5712)
- 危险等级:高
- BID:101920
- cve编号:CVE-2017-5712
- Intel Manageability Engine多个本地缓冲区溢出漏洞(CVE-2017-5711)
- 危险等级:高
- BID:101918
- cve编号:CVE-2017-5711
- Intel Manageability Engine多个本地缓冲区溢出漏洞(CVE-2017-5709)
- 危险等级:高
- cve编号:CVE-2017-5709
- Intel Trusted Execution Engine 本地缓冲区溢出漏洞(CVE-2017-5707)
- 危险等级:高
- BID:101919
- cve编号:CVE-2017-5707
- Intel Trusted Execution Engine 本地缓冲区溢出漏洞(CVE-2017-5710)
- 危险等级:高
- BID:101922
- cve编号:CVE-2017-5710
- QEMU ‘hw/input/ps2.c’ 信息泄露漏洞(CVE-2017-16845)
- 危险等级:低
- BID:101923
- cve编号:CVE-2017-16845
- FFmpeg多个拒绝服务漏洞(CVE-2017-16840)
- 危险等级:低
- BID:101924
- cve编号:CVE-2017-16840
- EMC RSA Authentication Manager HTML注入漏洞(CVE-2017-14379)
- 危险等级:中
- BID:101925
- cve编号:CVE-2017-14379
- Infinispan ‘hotrod java’ 客户端远程代码执行漏洞(CVE-2016-0750)
- 危险等级:低
- BID:101910
- cve编号:CVE-2016-0750
(数据来源:绿盟科技安全研究部&产品规则组)
2.2 焦点漏洞
- 焦点漏洞
- Fortinet Fortiweb HTML注入漏洞
- NSFOCUS ID
- 38064
- CVE ID
- CVE-2017-7736
- 受影响版本
- Fortinet Fortiweb < 5.8.1版本
- Fortinet Fortiweb < 5.7.2版本
- 漏洞点评
- FortiWeb是Fortinet公司开发的一款web应用层防火墙。在5.8.1和5.7.2之前的版本中存在HTML注入漏洞,成功利用后可使攻击者在受影响站点上下文中执行HTML及脚本代码。请使用该产品的用户及时排查是否受到影响,如受影响及时到厂商网站下载更新程序,修复此漏洞。
(数据来源:绿盟科技安全研究部&产品规则组)