fortinet fortimanager权限提升漏洞
nsfocus id 37450
cve id cve-2015-3617
受影响版本
fortinet fortimanager 5.2.x < 5.2.2
fortinet fortimanager 5.0.x < 5.0.11
漏洞点评
(数据来源:绿盟科技安全研究部&产品规则组)
最近一周cve公告总数与前期相比下降。值得关注的高危漏洞如下:
标题:faketoken evolves and targets taxi booking apps to steal banking info
时间:2017-08-21
摘要:kaspersky discovered a news strain of the mobile banking trojan faketoken that displays overlays on top of taxi booking apps to steal banking information.
链接:http://securityaffairs.co/wordpress/62122/malware/faketoken-targets-taxi-booking.html
标题:hacker published the decryption key for the apple secure enclave security chip
摘要:a hacker thursday afternoon published what he claims to be the decryption key for apple ios’ secure enclave processor (sep) firmware.
链接:http://securityaffairs.co/wordpress/62107/hacking/apple-secure-enclave-key.html
标题:dnssec key signing key rollover
摘要:on october 11, 2017, the internet corporation for assigned names and numbers (icann) will be changing the root zone key signing key (ksk) used in the domain name system (dns) security extensions (dnssec) protocol.
链接:https://www.us-cert.gov/ncas/current-activity/2017/08/21/dnssec-key-signing-key-rollover-0
标题:sony playstation social media accounts hacked; claims psn database breach
摘要:after hacking social media accounts of hbo and its widely watched show game of thrones, a notorious group of hackers calling itself ourmine took control over the official twitter and facebook accounts for sony’s playstation network (psn) on sunday.
链接:http://thehackernews.com/2017/08/sony-playstation-hacking.html?utm_source=feedburner&utm_medium=feed&utm_campaign=feed%3a+thehackersnews+%28the+hackers+news+-+security+blog%29
时间:2017-08-20
摘要:an unknown hacker has so far stolen more than $471,000 worth of ethereum—one of the most popular and increasingly valuable cryptocurrencies—in yet another ethereum hack that hit the popular cryptocurrency investment platform, enigma.
链接:http://thehackernews.com/2017/08/enigma-cryptocurrency-hack.html
标题:fileless cryptocurrency miner coinminer uses nsa eternalblue exploit to spread
时间:2017-08-22
摘要:a new fileless miner dubbed coinminer appeared in the wild, it uses nsa eternalblue exploit and wmi tool to spread.
链接:http://securityaffairs.co/wordpress/62254/cyber-crime/fileless-miner-coinminer.html
摘要:experts found two critical zero-day flaws in the foxit pdf reader that could be exploited by attackers to execute arbitrary code on a targeted computer
链接:http://securityaffairs.co/wordpress/62241/hacking/foxit-pdf-reader-zero-day.html
标题:us navy investigating whether its crashed ship was hacked (updated)
摘要:it’s no surprise that ships can be hacked but did someone hack uss john s. mccain on monday when it collided with an oil tanker near singapore? adm. john richardson thinks so since he has ordered an in-depth investigation into the incident to determine the reason behind the mishap.
链接:https://www.hackread.com/us-navy-investigating-if-uss-john-s-mccain-was-hacked/
标题:android spyware linked to chinese sdk forces google to boot 500 apps
摘要:more than 500 android mobile apps have been removed from google play after it was discovered that an embedded advertising sdk could be leveraged to quietly install spyware on devices.
链接:https://threatpost.com/android-spyware-linked-to-chinese-sdk-forces-google-to-boot-500-apps/127585/
标题:fappening 2017 – private pictures of miley cyrus, stella maxwell, and others leaked
时间:2017-08-23
摘要:fappening 2017 – private pictures of miley cyrus, stella maxwell, kristen stewart, tiger woods and lindsey vonn have been posted online by a celebrity leak website.
链接:http://securityaffairs.co/wordpress/62295/data-breach/fappening-2017.html
标题:man gets 25 years for hacking lottery computers and winning $2.2 million
摘要:in april 2015, it was reported that eddie raymond tipton, a lottery computer programmer from texas was arrested for hacking lottery computers to win $14.3 million jackpot.
链接:https://www.hackread.com/ex-employee-gets-25-years-for-hacking-lottery-computers/
标题:ropemaker exploit allows for changing of email post-delivery
摘要:researchers say a new exploitable attack vector for email, one that could enable the changing of email content content post-delivery, could let attackers bypass security controls and trick victims into clicking through to a malicious site.
链接:https://threatpost.com/ropemaker-exploit-allows-for-changing-of-email-post-delivery/127600/
标题:beware of windows/macos/linux virus spreading through facebook messenger
时间:2017-08-24
摘要:if you came across any facebook message with a video link sent by anyone, even your friend — just don’t click on it.
链接:http://thehackernews.com/2017/08/facebook-virus-hacking.html?utm_source=feedburner&utm_medium=feed&utm_campaign=feed%3a+thehackersnews+%28the+hackers+news+-+security+blog%29
标题:here’s how cia spies on its intelligence liaison partners around the world
摘要:wikileaks has just published another vault 7 leak, revealing how the cia spies on their intelligence partners around the world, including fbi, dhs and the nsa, to covertly collect data from their systems
链接:http://thehackernews.com/2017/08/cia-liaison-spying-software.html
标题:wap billing trojans threaten android users
摘要:several of the pieces of malware targeting android devices in the second quarter of 2017 abused wap billing to help cybercriminals make money, kaspersky reported on thursday
链接:http://www.securityweek.com/wap-billing-trojans-threaten-android-users
(数据来源:绿盟科技 威胁情报与网络安全实验室 收集整理)
截止到2017年8月25日,绿盟科技漏洞库已收录总条目达到37478条。本周新增漏洞记录43条,其中高危漏洞数量3条,中危漏洞数量37条,低危漏洞数量3条。
foxit pdf reader任意文件写漏洞(cve-2017-10952)
危险等级:高
bid:100412
cve编号:cve-2017-10952
foxit pdf reader命令注入漏洞(cve-2017-10951)
bid:100409
cve编号:cve-2017-10951
ibm websphere application server本地安全功能绕过漏洞(cve-2017-1382)
危险等级:中
bid:99960
cve编号:cve-2017-1382
graphicsmagick 拒绝服务漏洞(cve-2017-11642)
bid:100395
cve编号:cve-2017-11642
mozilla firefox信息泄露漏洞(cve-2017-7808)
危险等级:低
bid:100373
cve编号:cve-2017-7808
mozilla firefox释放后重利用拒绝服务漏洞(cve-2017-7806)
bid:100389
cve编号:cve-2017-7806
cisco ultra services platform信息泄露漏洞(cve-2017-6778)
bid:100380
cve编号:cve-2017-6778
cisco staros for asr 5000 series routers本地权限提升漏洞(cve-2017-6775)
bid:100381
cve编号:cve-2017-6775
cisco staros for asr 5000 series routers任意文件写漏洞(cve-2017-6774)
bid:100386
cve编号:cve-2017-6774
cisco ultra services framework 信息泄露漏洞(cve-2017-6771)
bid:100385
cve编号:cve-2017-6771
cisco elastic services controller信息泄露漏洞(cve-2017-6772)
bid:100388
cve编号:cve-2017-6772
linux kernel本地拒绝服务漏洞(cve-2017-8831)
bid:99619
cve编号:cve-2017-8831
cisco application policy infrastructure controller权限提升漏洞(cve-2017-6767)
bid:100400
cve编号:cve-2017-6767
bitdefender total security权限提升漏洞(cve-2017-10950)
cve编号:cve-2017-10950
fortinet fortimanager权限提升漏洞(cve-2015-3617)
cve编号:cve-2015-3617
php ‘finish_nested_data()’堆缓冲区溢出漏洞(cve-2017-12933)
bid:99490
cve编号:cve-2017-12933
cisco elastic services controller信息泄露漏洞(cve-2017-6786)
bid:100391
cve编号:cve-2017-6786
graphicsmagick堆缓冲区溢出漏洞(cve-2017-11643)
bid:100357
cve编号:cve-2017-11643
cisco staros for asr 5000 series routers本地命令注入漏洞(cve-2017-6773)
bid:100376
cve编号:cve-2017-6773
cisco unified communications manager远程权限提升漏洞(cve-2017-6785)
bid:100375
cve编号:cve-2017-6785
cisco ultra services framework 跨站脚本漏洞(cve-2017-6776)
bid:100370
cve编号:cve-2017-6776
cisco telepresence video communication server拒绝服务漏洞(cve-2017-6790)
bid:100369
cve编号:cve-2017-6790
cisco elastic services controller信息泄露漏洞(cve-2017-6777)
bid:100390
cve编号:cve-2017-6777
mozilla firefox 内存破坏漏洞(cve-2017-7779)
bid:100201
cve编号:cve-2017-7779
spidercontrol scada web server信息泄露漏洞(cve-2017-12694)
cve编号:cve-2017-12694
spidercontrol scada microbrowser栈缓冲区溢出漏洞(cve-2017-12707)
cve编号:cve-2017-12707
alc webctrl i-vu/sitescan web路径遍历漏洞(cve-2017-9640)
cve编号:cve-2017-9640
alc webctrl i-vu/sitescan web未引用搜索路径漏洞(cve-2017-9644)
cve编号:cve-2017-9644
alc webctrl i-vu/sitescan web文件上传漏洞(cve-2017-9650)
cve编号:cve-2017-9650
adobe digital editions缓冲区溢出漏洞(cve-2017-11274)
bid:100194
cve编号:cve-2017-11274
adobe digital editions xml实体解析信息泄露漏洞(cve-2017-11272)
bid:100193
cve编号:cve-2017-11272
libxml2 缓冲区溢出漏洞(cve-2017-9047)
cve编号:cve-2017-9047
libxml2 堆缓冲区溢出漏洞(cve-2017-9050)
cve编号:cve-2017-9050
libxml2 本地栈缓冲区溢出漏洞(cve-2017-9048)
cve编号:cve-2017-9048
libxml2 堆缓冲区溢出漏洞(cve-2017-9049)
cve编号:cve-2017-9049
adobe digital editions内存破坏漏洞(cve-2017-11280)
bid:100244
cve编号:cve-2017-11280
adobe digital editions内存破坏漏洞(cve-2017-11279)
cve编号:cve-2017-11279
adobe digital editions内存破坏漏洞(cve-2017-11275)
cve编号:cve-2017-11275
adobe digital editions内存破坏漏洞(cve-2017-3091)
cve编号:cve-2017-3091
adobe digital editions内存破坏漏洞(cve-2017-11278)
cve编号:cve-2017-11278
adobe digital editions内存破坏漏洞(cve-2017-11277)
cve编号:cve-2017-11277
adobe digital editions内存破坏漏洞(cve-2017-11276)
cve编号:cve-2017-11276
augeas 内存破坏漏洞(cve-2017-7555)
bid:100378
cve编号:cve-2017-7555
原文发布时间:2017年8月29日
本文由:绿盟科技发布,版权归属于原作者
原文链接:http://toutiao.secjia.com/nsfocus-internet-security-threats-weekly-201734
本文来自云栖社区合作伙伴安全加,了解相关信息可以关注安全加网站