Cisco Á¦Ç°±º ´ÙÁß Ãë¾àÁ¡ º¸¾È ¾÷µ¥ÀÌÆ® ±Ç°í
[º¸¾È´º½º ¹Î¼¼¾Æ] ½Ã½ºÄÚ(Cisco) »ç´Â ÀÚ»çÀÇ Á¦Ç°¿¡ ¿µÇâÀ» ÁÖ´Â Ãë¾àÁ¡À» ÇØ°áÇÑ º¸¾È ¾÷µ¥ÀÌÆ®¸¦ ¹ßÇ¥Çß´Ù. ÇØ´ç Ãë¾àÁ¡À» ¾Ç¿ëÇØ ¿ø°ÝÄÚµå ½ÇÇà, ¼ºñ½º °ÅºÎ µîÀÇ ÇÇÇØ°¡ ¹ß»ýÇÒ ¼ö ÀÖÀ¸¹Ç·Î, ÃֽŠ¹öÀüÀ¸·Î ¾÷µ¥ÀÌÆ®ÇÏ´Â °ÍÀÌ ¾ÈÀüÇÏ´Ù.
¹®Á¦°¡ µÇ´Â º¸¾È Ãë¾àÁ¡Àº ´ÙÀ½°ú °°´Ù.
¡âCisco Ŭ¶ó¿ìµå ¼ºñ½º Ç÷§Æû 2100 Ä¿¸Çµå ÀÎÁ§¼Ç Ãë¾àÁ¡(CVE-2016-6373) [1]
¡âCisco Ŭ¶ó¿ìµå ¼ºñ½º Ç÷§Æû 2100 ¿ø°Ý ÄÚµå ½ÇÇà Ãë¾àÁ¡(CVE-2016-6374) [2]
¡âCisco IOS, IOS XE IOX Ä¿¸Çµå ÀÎÁ§¼Ç Ãë¾àÁ¡(CVE-2016-6414) [3]
¡âCisco Firepower Management Center ¹× FireSIGHT ½Ã½ºÅÛ ¼ÒÇÁÆ®¿þ¾î SSL ¿ìȸ Ãë¾àÁ¡(CVE-2016-6411) [4]
¡âCisco IOS, IOS XE ¼ÒÇÁÆ®¿þ¾î ¼ºñ½º °ÅºÎ Ãë¾àÁ¡(CVE-2016-6409) [5]
¡âCisco Prime Home Á¤º¸ ³ëÃâ Ãë¾àÁ¡(CVE-2016-6408) [6]
¡âCAF(Cisco Application-hosting Framework) Çì´õ ÁÖÀÔ Ãë¾àÁ¡(CVE-2016-6412) [7]
¡âCisco APIC(Application Policy Infrastructure Controller) ±ÇÇÑ »ó½Â Ãë¾àÁ¡(CVE-2016-6413) [8]
¡â´ÙÁß Cisco Á¦Ç°±º Áß°£ÀÚ °ø°Ý Ãë¾àÁ¡(CVE-2015-6358) [9]
½Ã½ºÄÚ Á¦Ç°±º »ç¿ëÀÚ´Â Âü°í»çÀÌÆ®¿¡ ¸í½ÃµÇ¾î ÀÖ´Â ¡®Affected Products¡¯À» ÅëÇØ Ãë¾àÇÑ Á¦Ç° ¿©ºÎ¸¦ È®ÀÎÇÒ ¼ö ÀÖ°í, Ãë¾àÁ¡ÀÌ ¹ß»ýÇÑ ½Ã½ºÄÚ ¼ÒÇÁÆ®¿þ¾î°¡ ¼³Ä¡µÈ ½Ã½ºÄÚ ÀåºñÀÇ ¿î¿µÀÚ´Â ¡®Affected Products¡¯ ³»¿ëÀ» È®ÀÎÇØ ÆÐÄ¡¸¦ Àû¿ëÇÏ¸é µÈ´Ù.
¾÷µ¥ÀÌÆ®°¡ ¹ßÇ¥µÇÁö ¾ÊÀº Ãë¾àÁ¡¿¡ ¿µÇâ ¹Þ´Â Á¦Ç°Àº º¸¾È ¾÷µ¥ÀÌÆ®°¡ ¹ßÇ¥µÉ ¶§±îÁö ´ÙÀ½°ú °°ÀÌ ÁÖÀÇÇØ¾ß ÇÑ´Ù.
¿ì¼± ¡®Cisco IOS, IOS XE IOX Ä¿¸Çµå ÀÎÁ§¼Ç Ãë¾àÁ¡(CVE-2016-6414)¡¯ÀÇ °æ¿ì iox ¸í·É¾î ÀԷ°ª¿¡ ´ëÇÑ °ËÁõ ¹ÌÈíÀ¸·Î ÀÎÇÑ °ÍÀ¸·Î, Á÷Á¢ Á¢±ÙÀÌ ÇÊ¿äÇϱ⠶§¹®¿¡ ¹°¸®Àû Á¢±ÙÅëÁ¦¸¦ ÁؼöÇØ¾ß ÇÑ´Ù. ¡®´ÙÁß Cisco Á¦Ç°±º Áß°£ÀÚ °ø°Ý Ãë¾àÁ¡(CVE-2015-6358)¡¯ÀÇ °æ¿ì SSH, HTTPS¸¦ ÅëÇÑ ÀåÄ¡ °ü¸® ÀÎÅÍÆäÀ̽º¿¡ ´ëÇÑ Á¢±ÙÀ» ½Å·ÚÇÒ ¼ö ÀÖ´Â IP¸¸ Çã¿ëÇϵµ·Ï Á¦ÇÑÇØ¾ß ÇÑ´Ù.
ÀÌ¿Í °ü·ÃÇÑ ÀÚ¼¼ÇÑ »çÇ×Àº ¾Æ·¡ÀÇ Âü°í»çÀÌÆ®¸¦ È®ÀÎÇϰųª Çѱ¹ÀÎÅͳÝÁøÈï¿ø ÀÎÅͳÝħÇØ´ëÀÀ¼¾ÅÍ(±¹¹ø¾øÀÌ 118)·Î ¹®ÀÇÇÏ¸é µÈ´Ù.
[Âü°í»çÀÌÆ®]
[1]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-csp2100-1
[2]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-csp2100-2
[3]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-iox
[4]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-fmc
[5]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-dmo
[6]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-cph
[7]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-caf1
[8]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-apic
[9]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci
[¹Î¼¼¾Æ ±âÀÚ(boan5@boannews.com)]
[º¸¾È´º½º ¹Î¼¼¾Æ] ½Ã½ºÄÚ(Cisco) »ç´Â ÀÚ»çÀÇ Á¦Ç°¿¡ ¿µÇâÀ» ÁÖ´Â Ãë¾àÁ¡À» ÇØ°áÇÑ º¸¾È ¾÷µ¥ÀÌÆ®¸¦ ¹ßÇ¥Çß´Ù. ÇØ´ç Ãë¾àÁ¡À» ¾Ç¿ëÇØ ¿ø°ÝÄÚµå ½ÇÇà, ¼ºñ½º °ÅºÎ µîÀÇ ÇÇÇØ°¡ ¹ß»ýÇÒ ¼ö ÀÖÀ¸¹Ç·Î, ÃֽŠ¹öÀüÀ¸·Î ¾÷µ¥ÀÌÆ®ÇÏ´Â °ÍÀÌ ¾ÈÀüÇÏ´Ù.
¹®Á¦°¡ µÇ´Â º¸¾È Ãë¾àÁ¡Àº ´ÙÀ½°ú °°´Ù.
¡âCisco Ŭ¶ó¿ìµå ¼ºñ½º Ç÷§Æû 2100 Ä¿¸Çµå ÀÎÁ§¼Ç Ãë¾àÁ¡(CVE-2016-6373) [1]
¡âCisco Ŭ¶ó¿ìµå ¼ºñ½º Ç÷§Æû 2100 ¿ø°Ý ÄÚµå ½ÇÇà Ãë¾àÁ¡(CVE-2016-6374) [2]
¡âCisco IOS, IOS XE IOX Ä¿¸Çµå ÀÎÁ§¼Ç Ãë¾àÁ¡(CVE-2016-6414) [3]
¡âCisco Firepower Management Center ¹× FireSIGHT ½Ã½ºÅÛ ¼ÒÇÁÆ®¿þ¾î SSL ¿ìȸ Ãë¾àÁ¡(CVE-2016-6411) [4]
¡âCisco IOS, IOS XE ¼ÒÇÁÆ®¿þ¾î ¼ºñ½º °ÅºÎ Ãë¾àÁ¡(CVE-2016-6409) [5]
¡âCisco Prime Home Á¤º¸ ³ëÃâ Ãë¾àÁ¡(CVE-2016-6408) [6]
¡âCAF(Cisco Application-hosting Framework) Çì´õ ÁÖÀÔ Ãë¾àÁ¡(CVE-2016-6412) [7]
¡âCisco APIC(Application Policy Infrastructure Controller) ±ÇÇÑ »ó½Â Ãë¾àÁ¡(CVE-2016-6413) [8]
¡â´ÙÁß Cisco Á¦Ç°±º Áß°£ÀÚ °ø°Ý Ãë¾àÁ¡(CVE-2015-6358) [9]
½Ã½ºÄÚ Á¦Ç°±º »ç¿ëÀÚ´Â Âü°í»çÀÌÆ®¿¡ ¸í½ÃµÇ¾î ÀÖ´Â ¡®Affected Products¡¯À» ÅëÇØ Ãë¾àÇÑ Á¦Ç° ¿©ºÎ¸¦ È®ÀÎÇÒ ¼ö ÀÖ°í, Ãë¾àÁ¡ÀÌ ¹ß»ýÇÑ ½Ã½ºÄÚ ¼ÒÇÁÆ®¿þ¾î°¡ ¼³Ä¡µÈ ½Ã½ºÄÚ ÀåºñÀÇ ¿î¿µÀÚ´Â ¡®Affected Products¡¯ ³»¿ëÀ» È®ÀÎÇØ ÆÐÄ¡¸¦ Àû¿ëÇÏ¸é µÈ´Ù.
¾÷µ¥ÀÌÆ®°¡ ¹ßÇ¥µÇÁö ¾ÊÀº Ãë¾àÁ¡¿¡ ¿µÇâ ¹Þ´Â Á¦Ç°Àº º¸¾È ¾÷µ¥ÀÌÆ®°¡ ¹ßÇ¥µÉ ¶§±îÁö ´ÙÀ½°ú °°ÀÌ ÁÖÀÇÇØ¾ß ÇÑ´Ù.
¿ì¼± ¡®Cisco IOS, IOS XE IOX Ä¿¸Çµå ÀÎÁ§¼Ç Ãë¾àÁ¡(CVE-2016-6414)¡¯ÀÇ °æ¿ì iox ¸í·É¾î ÀԷ°ª¿¡ ´ëÇÑ °ËÁõ ¹ÌÈíÀ¸·Î ÀÎÇÑ °ÍÀ¸·Î, Á÷Á¢ Á¢±ÙÀÌ ÇÊ¿äÇϱ⠶§¹®¿¡ ¹°¸®Àû Á¢±ÙÅëÁ¦¸¦ ÁؼöÇØ¾ß ÇÑ´Ù. ¡®´ÙÁß Cisco Á¦Ç°±º Áß°£ÀÚ °ø°Ý Ãë¾àÁ¡(CVE-2015-6358)¡¯ÀÇ °æ¿ì SSH, HTTPS¸¦ ÅëÇÑ ÀåÄ¡ °ü¸® ÀÎÅÍÆäÀ̽º¿¡ ´ëÇÑ Á¢±ÙÀ» ½Å·ÚÇÒ ¼ö ÀÖ´Â IP¸¸ Çã¿ëÇϵµ·Ï Á¦ÇÑÇØ¾ß ÇÑ´Ù.
ÀÌ¿Í °ü·ÃÇÑ ÀÚ¼¼ÇÑ »çÇ×Àº ¾Æ·¡ÀÇ Âü°í»çÀÌÆ®¸¦ È®ÀÎÇϰųª Çѱ¹ÀÎÅͳÝÁøÈï¿ø ÀÎÅͳÝħÇØ´ëÀÀ¼¾ÅÍ(±¹¹ø¾øÀÌ 118)·Î ¹®ÀÇÇÏ¸é µÈ´Ù.
[Âü°í»çÀÌÆ®]
[1]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-csp2100-1
[2]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-csp2100-2
[3]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-iox
[4]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-fmc
[5]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-dmo
[6]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-cph
[7]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-caf1
[8]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-apic
[9]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci
[¹Î¼¼¾Æ ±âÀÚ(boan5@boannews.com)]
<ÀúÀÛ±ÇÀÚ: º¸¾È´º½º(www.boannews.com) ¹«´ÜÀüÀç-Àç¹èÆ÷±ÝÁö>
¹Î¼¼¾Æ±âÀÚ ±â»çº¸±â
[2024-10-31] .jpg)
