{"id":20141,"date":"2020-12-14T22:44:26","date_gmt":"2020-12-14T14:44:26","guid":{"rendered":"http:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/?p=20141"},"modified":"2024-07-03T01:26:18","modified_gmt":"2024-07-02T17:26:18","slug":"%e3%80%90%e6%94%bb%e6%93%8a%e6%b4%bb%e5%8b%95%e9%a0%90%e8%ad%a6%e3%80%91%e7%b6%b2%e8%b7%af%e5%ae%89%e5%85%a8%e5%bb%a0%e5%95%86fireeye%e7%b4%85%e9%9a%8a%e5%ae%89%e5%85%a8%e6%b8%ac%e8%a9%a6%e5%b7%a5","status":"publish","type":"post","link":"http:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/archives\/20141","title":{"rendered":"\u3010\u653b\u64ca\u6d3b\u52d5\u9810\u8b66\u3011\u7db2\u8def\u5b89\u5168\u5ee0\u5546FireEye\u7d05\u968a\u5b89\u5168\u6e2c\u8a66\u5de5\u5177\u906d\u5916\u6d41\uff0c\u5efa\u8b70\u6a5f\u95dc\u5118\u901f\u4fee\u88dc\u8a72\u5957\u5de5\u5177\u6240\u5229\u7528\u4e4bCVE\u5b89\u5168\u6f0f\u6d1e"},"content":{"rendered":"<h3 style=\"text-align: center;\">\u884c\u653f\u9662\u570b\u5bb6\u8cc7\u901a\u5b89\u5168\u6703\u5831\u6280\u8853\u670d\u52d9\u4e2d\u5fc3<\/h3>\n<h3 style=\"text-align: center;\">\u6f0f\u6d1e\/\u8cc7\u5b89\u8a0a\u606f\u8b66\u8a0a<\/h3>\n<table border=\"1\" cellspacing=\"0\">\n<tbody>\n<tr>\n<td width=\"80\"><strong>\u767c\u5e03\u7de8\u865f<\/strong><\/td>\n<td><strong>NCCST-ANA-2020-0134<\/strong><\/td>\n<td width=\"80\"><strong>\u767c\u5e03\u6642\u9593<\/strong><\/td>\n<td><strong>Thu Dec 10 16:56:37 CST 2020<\/strong><\/td>\n<\/tr>\n<tr>\n<td><strong>\u4e8b\u4ef6\u985e\u578b<\/strong><\/td>\n<td>\u653b\u64ca\u6d3b\u52d5\u9810\u8b66<\/td>\n<td>\u767c\u73fe\u6642\u9593<\/td>\n<td>Wed Dec 09 00:00:00 CST 2020<\/td>\n<\/tr>\n<tr>\n<td><strong>\u8b66\u8a0a\u540d\u7a31<\/strong><\/td>\n<td colspan=\"3\">\u7db2\u8def\u5b89\u5168\u5ee0\u5546FireEye\u7d05\u968a\u5b89\u5168\u6e2c\u8a66\u5de5\u5177\u906d\u5916\u6d41\uff0c<wbr \/>\u5efa\u8b70\u6a5f\u95dc\u5118\u901f\u4fee\u88dc\u8a72\u5957\u5de5\u5177\u6240\u5229\u7528\u4e4bCVE\u5b89\u5168\u6f0f\u6d1e<\/td>\n<\/tr>\n<tr>\n<td><strong>\u5167\u5bb9\u8aaa\u660e<\/strong><\/td>\n<td colspan=\"3\">\u7db2\u8def\u5b89\u5168\u5ee0\u5546FireEye\u65bc12\u67088\u65e5\u516c\u5e03\u8fd1\u65e5\u8a72\u516c\u53f8\u7d05\u968a\u6240\u4f7f<wbr \/>\u7528\u4e4b\u5b89\u5168\u6e2c\u8a66\u5de5\u5177\u906d\u5916\u6d41\uff0c\u9019\u5957\u5de5\u5177\u7121\u96f6\u6642\u5dee\u6f0f\u6d1e\u653b\u64ca\u7a0b\u5f0f\uff0c<wbr \/>\u7686\u70ba\u5df2\u5b58\u5728\u4fee\u88dc\u65b9\u5f0f\u4e4bCVE\u5b89\u5168\u6f0f\u6d1e\u3002<\/p>\n<p>FireEye\u5df2\u5728GitHub\u4e0a\u516c\u958b\u5229\u7528\u8a72\u5957\u5de5\u5177\u5075\u6e2c\u898f\u5247(<wbr \/>\u5305\u542bSnort\u3001Yara\u3001ClamAV\u53caHXIOC)<wbr \/>\u4f9b\u5927\u773e\u53c3\u8003\u4f7f\u7528\u6216\u90e8\u7f72\u3002<\/p>\n<p>\u4ee5\u4e0b\u70ba\u6e2c\u8a66\u5de5\u5177\u6240\u5229\u7528\u4e4b16\u500bCVE\u5b89\u5168\u6f0f\u6d1e\u8207\u5c0d\u61c9\u4e4b\u8a2d\u5099\u6216\u7522\u54c1<wbr \/>\uff1a<\/p>\n<p>1. CVE-2014-1812\u00a0\u2013\u00a0Windows Local Privilege Escalation<\/p>\n<p>2. CVE-2016-0167\u00a0\u2013\u00a0local privilege escalation on older versions of Microsoft Windows<\/p>\n<p>3. CVE-2017-11774\u00a0\u2013\u00a0RCE in Microsoft Outlook via crafted document execution (phishing)<\/p>\n<p>4. CVE-2018-8581 &#8211; Microsoft Exchange Server escalation of privileges<\/p>\n<p>5. CVE-2019-0604\u00a0\u2013\u00a0RCE for Microsoft Sharepoint<\/p>\n<p>6. CVE-2019-0708\u00a0\u2013\u00a0RCE of Windows Remote Desktop Services (RDS)<\/p>\n<p>7. CVE-2020-0688\u00a0\u2013\u00a0Remote Command Execution in Microsoft Exchange<\/p>\n<p>8. CVE-2020-1472\u00a0\u2013\u00a0Microsoft Active Directory escalation of privileges<\/p>\n<p>9. CVE-2019-8394\u00a0\u2013\u00a0arbitrary pre-auth file upload to ZoHo ManageEngine ServiceDesk Plus<\/p>\n<p>10. CVE-2020-10189\u00a0\u2013\u00a0RCE for ZoHo ManageEngine Desktop Central<\/p>\n<p>11. CVE-2018-13379\u00a0\u2013\u00a0pre-auth arbitrary file reading from Fortinet Fortigate SSL VPN<\/p>\n<p>12. CVE-2018-15961\u00a0\u2013\u00a0RCE via Adobe ColdFusion (arbitrary file upload that can be used to upload a JSP web shell)<\/p>\n<p>13. CVE-2019-3398\u00a0\u2013\u00a0Confluence Authenticated Remote Code Execution<\/p>\n<p>14. CVE-2019-11510\u00a0\u2013\u00a0pre-auth arbitrary file reading from Pulse Secure SSL VPNs<\/p>\n<p>15. CVE-2019-11580 &#8211; Atlassian Crowd Remote Code Execution<\/p>\n<p>16. CVE-2019-19781\u00a0\u2013\u00a0RCE of Citrix Application Delivery Controller and Citrix Gateway<\/td>\n<\/tr>\n<tr>\n<td><strong>\u5f71\u97ff\u5e73\u53f0<\/strong><\/td>\n<td colspan=\"3\">\u7121<\/td>\n<\/tr>\n<tr>\n<td><strong>\u5f71\u97ff\u7b49\u7d1a<\/strong><\/td>\n<td colspan=\"3\">\u4e2d<\/td>\n<\/tr>\n<tr>\n<td><strong>\u5efa\u8b70\u63aa\u65bd<\/strong><\/td>\n<td colspan=\"3\">1.\u00a0\u5efa\u8b70\u6a5f\u95dc\u6aa2\u8996\u5167\u90e8\u662f\u5426\u4f7f\u7528\u4e0a\u8ff0\u8a2d\u5099\u6216\u7522\u54c1\uff0c<wbr \/>\u4e26\u78ba\u8a8d\u5176\u4fee\u88dc\u6216\u66f4\u65b0\u72c0\u614b\uff0c\u82e5\u672a\u9032\u884c\u4fee\u88dc\u6216\u66f4\u65b0\u61c9\u76e1\u901f\u5b8c\u6210\uff0c<wbr \/>\u907f\u514d\u672a\u4f86\u53ef\u80fd\u88ab\u4f5c\u70ba\u8a72\u5957\u5de5\u5177\u653b\u64ca\u4e4b\u5c0d\u8c61\u3002<\/p>\n<p>2.\u00a0\u82e5\u672a\u80fd\u5373\u6642\u5b8c\u6210\u4fee\u88dc\u6216\u66f4\u65b0\uff0c<wbr \/>\u5efa\u8b70\u5c07FireEye\u5df2\u5728GitHub\u4e0a\u516c\u958b\u5229\u7528\u8a72\u4e9b\u5de5\u5177\u4e4bSn<wbr \/>ort\u3001Yara\u3001<wbr \/>ClamAV\u6216\u53caHXIOC\u90e8\u7f72\u65bc\u8cc7\u5b89\u9632\u8b77\u8a2d\u5099\u4e2d\uff0c<wbr \/>\u7528\u4ee5\u5075\u6e2c\u6216\u5c01\u9396\u8a72\u5957\u5de5\u5177\u7684\u653b\u64ca\u3002<\/td>\n<\/tr>\n<tr>\n<td><strong>\u53c3\u8003\u8cc7\u6599<\/strong><\/td>\n<td colspan=\"3\">1.\u00a0http:\/\/cs-notices.fireeye.<wbr \/>com\/webmail\/484561\/315422185\/<wbr \/>88b9986cd9e2bb55e59d28a46b0047<wbr \/>0df398125330916b5dffa37f6b987d<wbr \/>e151<\/p>\n<p>2.\u00a0<a href=\"https:\/\/github.com\/fireeye\/red_team_tool_countermeasures\/blob\/master\/CVEs_red_team_tools.md\" target=\"_blank\" rel=\"noopener noreferrer\" data-saferedirecturl=\"https:\/\/www.google.com\/url?q=https:\/\/github.com\/fireeye\/red_team_tool_countermeasures\/blob\/master\/CVEs_red_team_tools.md&amp;source=gmail&amp;ust=1608043197789000&amp;usg=AFQjCNEXY8x_G_12Iwu0_mZLV1LvNTcfHA\">https:\/\/github.com\/fireeye\/<wbr \/>red_team_tool_countermeasures\/<wbr \/>blob\/master\/CVEs_red_team_<wbr \/>tools.md<\/a><\/p>\n<p>3.\u00a0<a href=\"https:\/\/github.com\/fireeye\/red_team_tool_countermeasures\" target=\"_blank\" rel=\"noopener noreferrer\" data-saferedirecturl=\"https:\/\/www.google.com\/url?q=https:\/\/github.com\/fireeye\/red_team_tool_countermeasures&amp;source=gmail&amp;ust=1608043197789000&amp;usg=AFQjCNFJ-Lx1Dq4geK9mV_0X6Ph1HJk87Q\">https:\/\/github.com\/fireeye\/<wbr \/>red_team_tool_countermeasures<\/a><\/td>\n<\/tr>\n<tr>\n<td colspan=\"4\"><\/td>\n<\/tr>\n<tr>\n<td colspan=\"4\"><strong>\u6b64\u985e\u901a\u544a\u767c\u9001\u5c0d\u8c61\u70ba\u901a\u5831\u61c9\u8b8a\u7db2\u7ad9\u767b\u8a18\u4e4b\u8cc7\u5b89\u4eba\u54e1\u3002\u82e5\u8cb4<\/strong><strong>\u00a0<\/strong><strong>\u55ae\u4f4d\u4e4b\u8cc7<wbr \/>\u5b89\u4eba\u54e1\u6709\u8b8a\u66f4\uff0c\u53ef\u9015\u81ea\u767b\u5165\u901a\u5831\u61c9\u8b8a\u7db2\u7ad9\uff08<\/strong><strong><a href=\"https:\/\/www.ncert.nat.gov.tw\/\" target=\"_blank\" rel=\"noopener noreferrer\" data-saferedirecturl=\"https:\/\/www.google.com\/url?q=https:\/\/www.ncert.nat.gov.tw\/&amp;source=gmail&amp;ust=1608043197789000&amp;usg=AFQjCNH4z5W01YcP-ZCV6weZTbgkqQeaSA\">https:\/\/<wbr \/>www.ncert.nat.gov.tw<\/a><\/strong><strong>\uff09\u9032\u884c\u4fee\u6539\u3002<wbr \/>\u82e5\u60a8\u4ecd\u70ba\u8cb4\u55ae\u4f4d\u4e4b\u8cc7\u5b89\u4eba\u54e1\u4f46\u975e\u672c\u4e8b\u4ef6\u4e4b\u8655\u7406\u4eba\u54e1\uff0c<wbr \/>\u8acb\u5354\u52a9\u5c07\u6b64\u901a\u544a\u544a\u77e5\u76f8\u95dc\u8655\u7406\u4eba\u54e1\u3002<\/strong><\/p>\n<p><strong>\u5982\u679c\u60a8\u5c0d\u6b64\u901a\u544a\u7684\u5167\u5bb9\u6709\u7591\u554f\u6216\u6709\u95dc\u65bc\u6b64\u4e8b\u4ef6\u7684\u5efa\u8b70\uff0c<wbr \/>\u8acb\u52ff\u76f4\u63a5\u56de\u8986\u6b64\u4fe1\u4ef6\uff0c\u8acb\u4ee5\u4e0b\u8ff0\u806f\u7d61\u8cc7\u8a0a\u8207\u6211\u5011\u9023\u7d61\u3002<\/strong><br \/>\n<strong>\u5730<\/strong><strong>\u00a0<\/strong><strong>\u5740\uff1a<\/strong><strong>\u00a0<\/strong><strong>\u53f0\u5317\u5e02\u5bcc\u967d\u8857<\/strong><strong>116<\/strong><strong>\u865f<\/strong><br \/>\n<strong>\u806f\u7d61\u96fb\u8a71\uff1a<\/strong><strong>\u00a002-27339922<\/strong><br \/>\n<strong>\u50b3\u771f\u96fb\u8a71\uff1a<\/strong><strong>\u00a002-27331655<\/strong><br \/>\n<strong>\u96fb\u5b50\u90f5\u4ef6\u4fe1\u7bb1\uff1a<\/strong><strong>\u00a0<a href=\"https:\/\/webmail.ntpc.edu.tw\/cgi-bin\/genMail?adr=service@nccst.nat.gov.tw&amp;\" target=\"_blank\" rel=\"noopener noreferrer\" data-saferedirecturl=\"https:\/\/www.google.com\/url?q=https:\/\/webmail.ntpc.edu.tw\/cgi-bin\/genMail?adr%3Dservice@nccst.nat.gov.tw%26&amp;source=gmail&amp;ust=1608043197789000&amp;usg=AFQjCNFYQZPsl2kidlyIppbt9qqs5bsbGg\">service@nccst.nat.gov.<wbr \/>tw<\/a><\/strong><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>\u884c\u653f\u9662\u570b\u5bb6\u8cc7\u901a\u5b89\u5168\u6703\u5831\u6280\u8853\u670d\u52d9\u4e2d\u5fc3 \u6f0f\u6d1e\/\u8cc7\u5b89\u8a0a\u606f\u8b66\u8a0a \u767c\u5e03\u7de8\u865f NCCST-ANA-2020-0134 \u767c\u5e03\u6642\u9593 Thu Dec 10 16:56:37 CST 2020 \u4e8b\u4ef6\u985e\u578b \u653b\u64ca\u6d3b\u52d5\u9810\u8b66 \u767c\u73fe\u6642\u9593 Wed Dec 09 00:00:00 CST 2020 \u8b66\u8a0a\u540d\u7a31 \u7db2\u8def\u5b89\u5168\u5ee0\u5546FireEye\u7d05\u968a\u5b89\u5168\u6e2c\u8a66\u5de5\u5177\u906d\u5916\u6d41\uff0c\u5efa\u8b70\u6a5f\u95dc\u5118\u901f\u4fee\u88dc\u8a72\u5957\u5de5\u5177\u6240\u5229\u7528\u4e4bCVE\u5b89\u5168\u6f0f\u6d1e \u5167\u5bb9\u8aaa\u660e \u7db2\u8def\u5b89\u5168\u5ee0\u5546FireEye\u65bc12\u67088\u65e5\u516c\u5e03\u8fd1\u65e5\u8a72\u516c\u53f8\u7d05\u968a\u6240\u4f7f\u7528\u4e4b\u5b89\u5168\u6e2c\u8a66\u5de5\u5177\u906d\u5916\u6d41\uff0c\u9019\u5957\u5de5\u5177\u7121\u96f6\u6642\u5dee\u6f0f\u6d1e\u653b\u64ca\u7a0b\u5f0f\uff0c\u7686\u70ba\u5df2\u5b58\u5728\u4fee\u88dc\u65b9\u5f0f\u4e4bCVE\u5b89\u5168\u6f0f\u6d1e\u3002<\/p>\n<p>FireEye\u5df2\u5728GitHub\u4e0a\u516c\u958b\u5229\u7528\u8a72\u5957\u5de5\u5177\u5075\u6e2c\u898f\u5247(\u5305\u542bSnort\u3001Yara\u3001ClamAV\u53caHXIOC)\u4f9b\u5927\u773e\u53c3\u8003\u4f7f\u7528\u6216\u90e8\u7f72\u3002<\/p>\n<p>\u4ee5\u4e0b\u70ba\u6e2c\u8a66\u5de5\u5177\u6240\u5229\u7528\u4e4b16\u500bCVE\u5b89\u5168\u6f0f\u6d1e\u8207\u5c0d\u61c9\u4e4b\u8a2d\u5099\u6216\u7522\u54c1\uff1a<\/p>\n<p>1. CVE-2014-1812 \u2013 Windows Local Privilege Escalation<\/p>\n<p>2. CVE-2016-0167 \u2013 local privilege escalation on older versions of Microsoft Windows<\/p>\n<p>3. CVE-2017-11774 \u2013 RCE in Microsoft Outlook via crafted document [&#8230;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[6],"tags":[],"_links":{"self":[{"href":"http:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/posts\/20141"}],"collection":[{"href":"http:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/comments?post=20141"}],"version-history":[{"count":0,"href":"http:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/posts\/20141\/revisions"}],"wp:attachment":[{"href":"http:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/media?parent=20141"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/categories?post=20141"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/tags?post=20141"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}