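Fortinet FortiManager Privilege Escalation Vulnerability
NSFOCUS ID: 37450
CVE ID: CVE-2015-3617
Affected versions
Fortinet FortiManager 5.2.x < 5.2.2
Fortinet FortiManager 5.0.x < 5.0.11
Vulnerability commentary
(Source: NSFOCUS Security Research Department & Product Rules Team)
The total number of CVE announcements in the past week decreased compared with the previous period. Notable high-risk vulnerabilities are as follows: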
Title: Faketoken evolves and targets taxi booking apps to steal banking info
Date: 2017-08-21
Summary: Kaspersky discovered a new strain of the mobile banking trojan Faketoken that displays overlays on top of taxi booking apps to steal banking information.
Link: http://securityaffairs.co/wordpress/62122/malware/faketoken-targets-taxi-booking.html
Title: Hacker published the decryption key for the Apple Secure Enclave security chip
Summary: A hacker Thursday afternoon published what he claims to be the decryption key for Apple iOS’ Secure Enclave Processor (SEP) firmware.
Link: http://securityaffairs.co/wordpress/62107/hacking/apple-secure-enclave-key.html
Title: DNSSEC Key Signing Key rollover
Summary: On October 11, 2017, the Internet Corporation for Assigned Names and Numbers (ICANN) will be changing the root zone Key Signing Key (KSK) used in the Domain Name System (DNS) Security Extensions (DNSSEC) protocol.
Link: https://www.us-cert.gov/ncas/current-activity/2017/08/21/dnssec-key-signing-key-rollover-0
Title: Sony PlayStation social media accounts hacked; claims PSN database breach
Summary: After hacking social media accounts of HBO and its widely watched show Game of Thrones, a notorious group of hackers calling itself OurMine took control over the official Twitter and Facebook accounts for Sony’s PlayStation Network (PSN) on Sunday.
Link: http://thehackernews.com/2017/08/sony-playstation-hacking.html?utm_source=feedburner&utm_medium=feed&utm_campaign=feed%3a+thehackersnews+%28the+hackers+news+-+security+blog%29
Date: 2017-08-20
Summary: An unknown hacker has so far stolen more than $471,000 worth of Ethereum—one of the most popular and increasingly valuable cryptocurrencies—in yet another Ethereum hack that hit the popular cryptocurrency investment platform, Enigma.
Link: http://thehackernews.com/2017/08/enigma-cryptocurrency-hack.html
Title: Fileless cryptocurrency miner CoinMiner uses NSA EternalBlue exploit to spread
Date: 2017-08-22
Summary: A new fileless miner dubbed CoinMiner appeared in the wild; it uses the NSA EternalBlue exploit and the WMI tool to spread.
Link: http://securityaffairs.co/wordpress/62254/cyber-crime/fileless-miner-coinminer.html
Summary: Experts found two critical zero-day flaws in the Foxit PDF Reader that could be exploited by attackers to execute arbitrary code on a targeted computer.
Link: http://securityaffairs.co/wordpress/62241/hacking/foxit-pdf-reader-zero-day.html
Title: US Navy investigating whether its crashed ship was hacked (updated)
Summary: It’s no surprise that ships can be hacked, but did someone hack USS John S. McCain on Monday when it collided with an oil tanker near Singapore? Adm. John Richardson thinks so since he has ordered an in-depth investigation into the incident to determine the reason behind the mishap.
Link: https://www.hackread.com/us-navy-investigating-if-uss-john-s-mccain-was-hacked/
Title: Android spyware linked to Chinese SDK forces Google to boot 500 apps
Summary: More than 500 Android mobile apps have been removed from Google Play after it was discovered that an embedded advertising SDK could be leveraged to quietly install spyware on devices.
Link: https://threatpost.com/android-spyware-linked-to-chinese-sdk-forces-google-to-boot-500-apps/127585/
Title: Fappening 2017 – private pictures of Miley Cyrus, Stella Maxwell, and others leaked
Date: 2017-08-23
Summary: Fappening 2017 – private pictures of Miley Cyrus, Stella Maxwell, Kristen Stewart, Tiger Woods and Lindsey Vonn have been posted online by a celebrity leak website.
Link: http://securityaffairs.co/wordpress/62295/data-breach/fappening-2017.html
Title: Man gets 25 years for hacking lottery computers and winning $2.2 million
Summary: In April 2015, it was reported that Eddie Raymond Tipton, a lottery computer programmer from Texas, was arrested for hacking lottery computers to win a $14.3 million jackpot.
Link: https://www.hackread.com/ex-employee-gets-25-years-for-hacking-lottery-computers/
Title: ROPEMAKER exploit allows for changing of email post-delivery
Summary: Researchers say a new exploitable attack vector for email, one that could enable the changing of email content post-delivery, could let attackers bypass security controls and trick victims into clicking through to a malicious site.
Link: https://threatpost.com/ropemaker-exploit-allows-for-changing-of-email-post-delivery/127600/
Title: Beware of Windows/macOS/Linux virus spreading through Facebook Messenger
Date: 2017-08-24
Summary: If you came across any Facebook message with a video link sent by anyone, even your friend — just don’t click on it.
Link: http://thehackernews.com/2017/08/facebook-virus-hacking.html?utm_source=feedburner&utm_medium=feed&utm_campaign=feed%3a+thehackersnews+%28the+hackers+news+-+security+blog%29
Title: Here’s how CIA spies on its intelligence liaison partners around the world
Summary: WikiLeaks has just published another Vault 7 leak, revealing how the CIA spies on their intelligence partners around the world, including FBI, DHS and the NSA, to covertly collect data from their systems.
Link: http://thehackernews.com/2017/08/cia-liaison-spying-software.html
Title: WAP billing trojans threaten Android users
Summary: Several of the pieces of malware targeting Android devices in the second quarter of 2017 abused WAP billing to help cybercriminals make money, Kaspersky reported on Thursday.
Link: http://www.securityweek.com/wap-billing-trojans-threaten-android-users
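(Source: collected and compiled by the NSFOCUS Threat Intelligence and Network Security Lab)
As of August 25, 2017, the NSFOCUS vulnerability database contained a total of 37478 entries. This week 43 new vulnerability records were added, of which 3 are high-risk, 37 are medium-risk and 3 are low-risk.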
Foxit PDF Reader Arbitrary File Write Vulnerability (CVE-2017-10952)
Severity: High
BID: 100412
CVE ID: CVE-2017-10952
Foxit PDF Reader Command Injection Vulnerability (CVE-2017-10951)
BID: 100409
CVE ID: CVE-2017-10951
IBM WebSphere Application Server Local Security Feature Bypass Vulnerability (CVE-2017-1382)
Severity: Medium
BID: 99960
CVE ID: CVE-2017-1382
GraphicsMagick Denial of Service Vulnerability (CVE-2017-11642)
BID: 100395
CVE ID: CVE-2017-11642
Mozilla Firefox Information Disclosure Vulnerability (CVE-2017-7808)
Severity: Low
BID: 100373
CVE ID: CVE-2017-7808
Mozilla Firefox Use-After-Free Denial of Service Vulnerability (CVE-2017-7806)
BID: 100389
CVE ID: CVE-2017-7806
Cisco Ultra Services Platform Information Disclosure Vulnerability (CVE-2017-6778)
BID: 100380
CVE ID: CVE-2017-6778
Cisco StarOS for ASR 5000 Series Routers Local Privilege Escalation Vulnerability (CVE-2017-6775)
BID: 100381
CVE ID: CVE-2017-6775
Cisco StarOS for ASR 5000 Series Routers Arbitrary File Write Vulnerability (CVE-2017-6774)
BID: 100386
CVE ID: CVE-2017-6774
Cisco Ultra Services Framework Information Disclosure Vulnerability (CVE-2017-6771)
BID: 100385
CVE ID: CVE-2017-6771
Cisco Elastic Services Controller Information Disclosure Vulnerability (CVE-2017-6772)
BID: 100388
CVE ID: CVE-2017-6772
Linux Kernel Local Denial of Service Vulnerability (CVE-2017-8831)
BID: 99619
CVE ID: CVE-2017-8831
Cisco Application Policy Infrastructure Controller Privilege Escalation Vulnerability (CVE-2017-6767)
BID: 100400
CVE ID: CVE-2017-6767
Bitdefender Total Security Privilege Escalation Vulnerability (CVE-2017-10950)
CVE ID: CVE-2017-10950
Fortinet FortiManager Privilege Escalation Vulnerability (CVE-2015-3617)
CVE ID: CVE-2015-3617
PHP ‘finish_nested_data()’ Heap Buffer Overflow Vulnerability (CVE-2017-12933)
BID: 99490
CVE ID: CVE-2017-12933
Cisco Elastic Services Controller Information Disclosure Vulnerability (CVE-2017-6786)
BID: 100391
CVE ID: CVE-2017-6786
GraphicsMagick Heap Buffer Overflow Vulnerability (CVE-2017-11643)
BID: 100357
CVE ID: CVE-2017-11643
Cisco StarOS for ASR 5000 Series Routers Local Command Injection Vulnerability (CVE-2017-6773)
BID: 100376
CVE ID: CVE-2017-6773
Cisco Unified Communications Manager Remote Privilege Escalation Vulnerability (CVE-2017-6785)
BID: 100375
CVE ID: CVE-2017-6785
Cisco Ultra Services Framework Cross-Site Scripting Vulnerability (CVE-2017-6776)
BID: 100370
CVE ID: CVE-2017-6776
Cisco TelePresence Video Communication Server Denial of Service Vulnerability (CVE-2017-6790)
BID: 100369
CVE ID: CVE-2017-6790
Cisco Elastic Services Controller Information Disclosure Vulnerability (CVE-2017-6777)
BID: 100390
CVE ID: CVE-2017-6777
Mozilla Firefox Memory Corruption Vulnerability (CVE-2017-7779)
BID: 100201
CVE ID: CVE-2017-7779
SpiderControl SCADA Web Server Information Disclosure Vulnerability (CVE-2017-12694)
CVE ID: CVE-2017-12694
SpiderControl SCADA MicroBrowser Stack Buffer Overflow Vulnerability (CVE-2017-12707)
CVE ID: CVE-2017-12707
ALC WebCTRL i-Vu/SiteScan Web Path Traversal Vulnerability (CVE-2017-9640)
CVE ID: CVE-2017-9640
ALC WebCTRL i-Vu/SiteScan Web Unquoted Search Path Vulnerability (CVE-2017-9644)
CVE ID: CVE-2017-9644
ALC WebCTRL i-Vu/SiteScan Web File Upload Vulnerability (CVE-2017-9650)
CVE ID: CVE-2017-9650
Adobe Digital Editions Buffer Overflow Vulnerability (CVE-2017-11274)
BID: 100194
CVE ID: CVE-2017-11274
Adobe Digital Editions XML Entity Parsing Information Disclosure Vulnerability (CVE-2017-11272)
BID: 100193
CVE ID: CVE-2017-11272
libxml2 Buffer Overflow Vulnerability (CVE-2017-9047)
CVE ID: CVE-2017-9047
libxml2 Heap Buffer Overflow Vulnerability (CVE-2017-9050)
CVE ID: CVE-2017-9050
libxml2 Local Stack Buffer Overflow Vulnerability (CVE-2017-9048)
CVE ID: CVE-2017-9048
libxml2 Heap Buffer Overflow Vulnerability (CVE-2017-9049)
CVE ID: CVE-2017-9049
Adobe Digital Editions Memory Corruption Vulnerability (CVE-2017-11280)
BID: 100244
CVE ID: CVE-2017-11280
Adobe Digital Editions Memory Corruption Vulnerability (CVE-2017-11279)
CVE ID: CVE-2017-11279
Adobe Digital Editions Memory Corruption Vulnerability (CVE-2017-11275)
CVE ID: CVE-2017-11275
Adobe Digital Editions Memory Corruption Vulnerability (CVE-2017-3091)
CVE ID: CVE-2017-3091
Adobe Digital Editions Memory Corruption Vulnerability (CVE-2017-11278)
CVE ID: CVE-2017-11278
Adobe Digital Editions Memory Corruption Vulnerability (CVE-2017-11277)
CVE ID: CVE-2017-11277
Adobe Digital Editions Memory Corruption Vulnerability (CVE-2017-11276)
CVE ID: CVE-2017-11276
Augeas Memory Corruption Vulnerability (CVE-2017-7555)
BID: 100378
CVE ID: CVE-2017-7555
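Original publication date: August 29, 2017
Published by: NSFOCUS; copyright belongs to the original author
Original link: http://toutiao.secjia.com/nsfocus-internet-security-threats-weekly-201734
This article comes from 安全加 (secjia), a partner of the Yunqi Community; for related information, see the 安全加 website.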