Ãë¾àÁ¡ º¸¾È ¾÷µ¥ÀÌÆ®...¾Ç¼ºÄÚµå °¨¿° Àü ¾÷µ¥ÀÌÆ® ½ÇÇàÇؾß
[º¸¾È´º½º ¿øº´Ã¶ ±âÀÚ] ¿ö³ÊÅ©¶óÀÌ ·£¼¶¿þ¾î°¡ ÇöÀç ÆÐÄ¡°¡ ¿Ï·áµÈ À©µµ¿ì Ãë¾àÁ¡À» ¹ÙÅÁÀ¸·Î ¸¸µé¾î Á³´Ù´Â »ç½ÇÀ» ¾È´Ù¸é ¾÷ü¿¡¼ ¹ßÇ¥ÇÏ´Â º¸¾È ¾÷µ¥ÀÌÆ®¿¡ ´ëÇÑ »ý°¢ÀÌ Á¶±Ý ´Þ¶óÁú °ÍÀÌ´Ù. ÀÌ·¯ÇÑ °¡¿îµ¥ ´ëÇ¥ÀûÀΠȨÆäÀÌÁö Á¦ÀÛÅøÀÎ ¿öµåÇÁ·¹½º(WordPress)¿Í ´ëÇ¥ÀûÀÎ IT ±â¾÷ ½Ã½ºÄÚ°¡ º¸¾È ¾÷µ¥ÀÌÆ®¸¦ °ø°³Çß´Ù. ÇØ´ç ¼Ö·ç¼Ç °ü¸®ÀÚ´Â ¹Ýµå½Ã º¸¾È ¾÷µ¥ÀÌÆ®¸¦ ¼öÇàÇÏ´Â °ÍÀÌ ÇÊ¿äÇÏ´Ù.
WordPress º¸¾È ¾÷µ¥ÀÌÆ® ±Ç°í
WordPress´Â ºÒÃæºÐÇÑ ¸®´ÙÀÌ·º¼Ç À¯È¿¼º °Ë»ç Ãë¾àÁ¡°ú Å©·Î½º »çÀÌÆ® ½ºÅ©¸³Æà µî 6°¡Áö ¹ö±×¸¦ ÇØ°áÇÑ º¸¾È ¾÷µ¥ÀÌÆ®¸¦ ¹ßÇ¥Çß´Ù. ¿µÇâ ¹Þ´Â ¹öÀüÀÇ »ç¿ëÀÚ´Â ÃֽŠ¹öÀüÀ¸·Î ¾÷µ¥ÀÌÆ®¸¦ ÇÏ´Â °ÍÀÌ ÁÁ´Ù.
¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î´Â ¡âWordPress v4.7.4 ¹× ÀÌÇϹöÀüÀ¸·Î ÇØ°á ¹æ¾ÈÀ¸·Î ¼ÒÇÁÆ®¿þ¾î ÃֽŠ¹öÀüÀ» ¼³Ä¡ÇÏ¸é µÈ´Ù.
.jpg)
[Âü°í»çÀÌÆ®]
[1] https://wordpress.org/news/2017/05/wordpress-4-7-5/
Cisco Á¦Ç°±º Ãë¾àÁ¡ º¸¾È ¾÷µ¥ÀÌÆ® ±Ç°í
Cisco´Â ÀÚ»çÀÇ Á¦Ç°¿¡ ¿µÇâÀ» ÁÖ´Â Ãë¾àÁ¡À» ÇØ°áÇÑ º¸¾È ¾÷µ¥ÀÌÆ®¸¦ ¹ßÇ¥Çß´Ù. °ø°ÝÀÚ´Â ÇØ´ç Ãë¾àÁ¡À» ¾Ç¿ëÇØ XSS ¹× Á¤º¸ ³ëÃâ µîÀÇ ÇÇÇظ¦ ¹ß»ý½Ãų ¼ö ÀÖÀ¸¹Ç·Î, ÃֽŠ¹öÀüÀ¸·ÎÀÇ ¾÷µ¥ÀÌÆ®¸¦ ±Ç°íÇß´Ù.
CiscoÀÇ À̹ø º¸¾È ¾÷µ¥ÀÌÆ®´Â Å©°Ô 11Á¾À¸·Î ¡â Cisco FirePOWER System Software¿¡¼ ¹ß»ýÇÏ´Â SSL ·Î±ë ¼ºñ½º °ÅºÎ Ãë¾àÁ¡(CVE-2017-6632) [1] ¡â Cisco Industrial Ethernet 1000 Series Switches Device Manager¿¡¼ ¹ß»ýÇÏ´Â CSRF Ãë¾àÁ¡(CVE-2017-6634) [2] ¡â Cisco Identity Services Engine GUI¿¡¼ ¹ß»ýÇÏ´Â ¼ºñ½º °ÅºÎ Ãë¾àÁ¡(CVE-2017-6653) [3] ¡â Cisco Nexus 5000 Series Switches CLI, Telnet CLI¿¡¼ ¹ß»ýÇÏ´Â Ä¿¸Çµå ÀÎÁ§¼Ç Ãë¾àÁ¡(CVE-2017-6649, 6650) [4][5] ¡â Cisco Prime Collaboration Provisioning¿¡¼ Á÷Á¢ °´Ã¼ ÂüÁ¶¸¦ ÅëÇØ ¹ß»ýÇÏ´Â ÀÎÁõ ¿ìȸ, ÀÓÀÇ ÆÄÀÏ »èÁ¦, Á¤º¸ ³ëÃâ Ãë¾àÁ¡(CVE-2017-6621, 6622, 6635, 6636, 6637) [6][7][8][9][10] ¡â Cisco Remote Expert Manage¿¡¼ ¹ß»ýÇÏ´Â ¼ºñ½º °ÅºÎ, Á¤º¸ ³ëÃâ Ãë¾àÁ¡(CVE-2017-6641, 6642, 6643, 6644, 6645, 6646, 6647) [11][12][13][14][15][16][17] ¡â Cisco IP Phone 8851 Session Initiation Protocol¿¡¼ ¹ß»ýÇÏ´Â ¼ºñ½º °ÅºÎ Ãë¾àÁ¡(CVE-2017-6630) [18] ¡â Cisco Unified Communications Manager Cross¿¡¼ ¹ß»ýÇÏ´Â XSS Ãë¾àÁ¡(CVE-2017-6654) [19] ¡â Cisco UCS C-Series Rack Servers TCP Port¿¡¼ ¹ß»ýÇÏ´Â ¼ºñ½º °ÅºÎ Ãë¾àÁ¡(CVE-2017-6633) [20] ¡â Cisco Policy Suite¿¡¼ ¹ß»ýÇÏ´Â ±ÇÇÑ »ó½Â Ãë¾àÁ¡(CVE-2017-6623) [21] ¡â Cisco TelePresence IX5000 Series¿¡¼ ¹ß»ýÇÏ´Â Á÷Á¢ °´Ã¼ ÂüÁ¶ Ãë¾àÁ¡(CVE-2017-6652) [22] µîÀÌ´Ù.
Ãë¾àÁ¡ÀÌ ¹ß»ýÇÑ Cisco ¼ÒÇÁÆ®¿þ¾î°¡ ¼³Ä¡µÈ Cisco ÀåºñÀÇ ¿î¿µÀÚ´Â ÇØ´ç»çÀÌÆ®¿¡ ¸í½ÃµÇ¾î ÀÖ´Â ¡®Affected Products¡¯ ³»¿ëÀ» È®ÀÎÇØ ÆÐÄ¡¸¦ Àû¿ëÇØ¾ß ÇÑ´Ù.
[Âü°í»çÀÌÆ®]
[1]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-fpwr
[2]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ie1000csrf
[3]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ise
[4]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-nss
[5]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-nss1
[6]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp1
[7]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp2
[8]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp3
[9]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp4
[10]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp5
[11]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem1
[12]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem2
[13]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem3
[14]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem4
[15]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem5
[16]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem6
[17]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem7
[18]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-sip
[19]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ucm
[20]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ucsc
[21]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-cps
[22]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-telepresence-ix5000
[¿øº´Ã¶ ±âÀÚ(boanone@boannews.com)]
[º¸¾È´º½º ¿øº´Ã¶ ±âÀÚ] ¿ö³ÊÅ©¶óÀÌ ·£¼¶¿þ¾î°¡ ÇöÀç ÆÐÄ¡°¡ ¿Ï·áµÈ À©µµ¿ì Ãë¾àÁ¡À» ¹ÙÅÁÀ¸·Î ¸¸µé¾î Á³´Ù´Â »ç½ÇÀ» ¾È´Ù¸é ¾÷ü¿¡¼ ¹ßÇ¥ÇÏ´Â º¸¾È ¾÷µ¥ÀÌÆ®¿¡ ´ëÇÑ »ý°¢ÀÌ Á¶±Ý ´Þ¶óÁú °ÍÀÌ´Ù. ÀÌ·¯ÇÑ °¡¿îµ¥ ´ëÇ¥ÀûÀΠȨÆäÀÌÁö Á¦ÀÛÅøÀÎ ¿öµåÇÁ·¹½º(WordPress)¿Í ´ëÇ¥ÀûÀÎ IT ±â¾÷ ½Ã½ºÄÚ°¡ º¸¾È ¾÷µ¥ÀÌÆ®¸¦ °ø°³Çß´Ù. ÇØ´ç ¼Ö·ç¼Ç °ü¸®ÀÚ´Â ¹Ýµå½Ã º¸¾È ¾÷µ¥ÀÌÆ®¸¦ ¼öÇàÇÏ´Â °ÍÀÌ ÇÊ¿äÇÏ´Ù.
WordPress º¸¾È ¾÷µ¥ÀÌÆ® ±Ç°í
WordPress´Â ºÒÃæºÐÇÑ ¸®´ÙÀÌ·º¼Ç À¯È¿¼º °Ë»ç Ãë¾àÁ¡°ú Å©·Î½º »çÀÌÆ® ½ºÅ©¸³Æà µî 6°¡Áö ¹ö±×¸¦ ÇØ°áÇÑ º¸¾È ¾÷µ¥ÀÌÆ®¸¦ ¹ßÇ¥Çß´Ù. ¿µÇâ ¹Þ´Â ¹öÀüÀÇ »ç¿ëÀÚ´Â ÃֽŠ¹öÀüÀ¸·Î ¾÷µ¥ÀÌÆ®¸¦ ÇÏ´Â °ÍÀÌ ÁÁ´Ù.
¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î´Â ¡âWordPress v4.7.4 ¹× ÀÌÇϹöÀüÀ¸·Î ÇØ°á ¹æ¾ÈÀ¸·Î ¼ÒÇÁÆ®¿þ¾î ÃֽŠ¹öÀüÀ» ¼³Ä¡ÇÏ¸é µÈ´Ù.
¡ã WordPress ¾÷µ¥ÀÌÆ® ¹æ¹ý. ´ë½¬º¸µå(¾Ë¸²ÆÇ) – ¾÷µ¥ÀÌÆ® - Update Now Ŭ¸¯
[Âü°í»çÀÌÆ®]
[1] https://wordpress.org/news/2017/05/wordpress-4-7-5/
Cisco Á¦Ç°±º Ãë¾àÁ¡ º¸¾È ¾÷µ¥ÀÌÆ® ±Ç°í
Cisco´Â ÀÚ»çÀÇ Á¦Ç°¿¡ ¿µÇâÀ» ÁÖ´Â Ãë¾àÁ¡À» ÇØ°áÇÑ º¸¾È ¾÷µ¥ÀÌÆ®¸¦ ¹ßÇ¥Çß´Ù. °ø°ÝÀÚ´Â ÇØ´ç Ãë¾àÁ¡À» ¾Ç¿ëÇØ XSS ¹× Á¤º¸ ³ëÃâ µîÀÇ ÇÇÇظ¦ ¹ß»ý½Ãų ¼ö ÀÖÀ¸¹Ç·Î, ÃֽŠ¹öÀüÀ¸·ÎÀÇ ¾÷µ¥ÀÌÆ®¸¦ ±Ç°íÇß´Ù.
CiscoÀÇ À̹ø º¸¾È ¾÷µ¥ÀÌÆ®´Â Å©°Ô 11Á¾À¸·Î ¡â Cisco FirePOWER System Software¿¡¼ ¹ß»ýÇÏ´Â SSL ·Î±ë ¼ºñ½º °ÅºÎ Ãë¾àÁ¡(CVE-2017-6632) [1] ¡â Cisco Industrial Ethernet 1000 Series Switches Device Manager¿¡¼ ¹ß»ýÇÏ´Â CSRF Ãë¾àÁ¡(CVE-2017-6634) [2] ¡â Cisco Identity Services Engine GUI¿¡¼ ¹ß»ýÇÏ´Â ¼ºñ½º °ÅºÎ Ãë¾àÁ¡(CVE-2017-6653) [3] ¡â Cisco Nexus 5000 Series Switches CLI, Telnet CLI¿¡¼ ¹ß»ýÇÏ´Â Ä¿¸Çµå ÀÎÁ§¼Ç Ãë¾àÁ¡(CVE-2017-6649, 6650) [4][5] ¡â Cisco Prime Collaboration Provisioning¿¡¼ Á÷Á¢ °´Ã¼ ÂüÁ¶¸¦ ÅëÇØ ¹ß»ýÇÏ´Â ÀÎÁõ ¿ìȸ, ÀÓÀÇ ÆÄÀÏ »èÁ¦, Á¤º¸ ³ëÃâ Ãë¾àÁ¡(CVE-2017-6621, 6622, 6635, 6636, 6637) [6][7][8][9][10] ¡â Cisco Remote Expert Manage¿¡¼ ¹ß»ýÇÏ´Â ¼ºñ½º °ÅºÎ, Á¤º¸ ³ëÃâ Ãë¾àÁ¡(CVE-2017-6641, 6642, 6643, 6644, 6645, 6646, 6647) [11][12][13][14][15][16][17] ¡â Cisco IP Phone 8851 Session Initiation Protocol¿¡¼ ¹ß»ýÇÏ´Â ¼ºñ½º °ÅºÎ Ãë¾àÁ¡(CVE-2017-6630) [18] ¡â Cisco Unified Communications Manager Cross¿¡¼ ¹ß»ýÇÏ´Â XSS Ãë¾àÁ¡(CVE-2017-6654) [19] ¡â Cisco UCS C-Series Rack Servers TCP Port¿¡¼ ¹ß»ýÇÏ´Â ¼ºñ½º °ÅºÎ Ãë¾àÁ¡(CVE-2017-6633) [20] ¡â Cisco Policy Suite¿¡¼ ¹ß»ýÇÏ´Â ±ÇÇÑ »ó½Â Ãë¾àÁ¡(CVE-2017-6623) [21] ¡â Cisco TelePresence IX5000 Series¿¡¼ ¹ß»ýÇÏ´Â Á÷Á¢ °´Ã¼ ÂüÁ¶ Ãë¾àÁ¡(CVE-2017-6652) [22] µîÀÌ´Ù.
Ãë¾àÁ¡ÀÌ ¹ß»ýÇÑ Cisco ¼ÒÇÁÆ®¿þ¾î°¡ ¼³Ä¡µÈ Cisco ÀåºñÀÇ ¿î¿µÀÚ´Â ÇØ´ç»çÀÌÆ®¿¡ ¸í½ÃµÇ¾î ÀÖ´Â ¡®Affected Products¡¯ ³»¿ëÀ» È®ÀÎÇØ ÆÐÄ¡¸¦ Àû¿ëÇØ¾ß ÇÑ´Ù.
[Âü°í»çÀÌÆ®]
[1]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-fpwr
[2]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ie1000csrf
[3]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ise
[4]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-nss
[5]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-nss1
[6]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp1
[7]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp2
[8]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp3
[9]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp4
[10]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp5
[11]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem1
[12]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem2
[13]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem3
[14]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem4
[15]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem5
[16]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem6
[17]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem7
[18]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-sip
[19]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ucm
[20]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ucsc
[21]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-cps
[22]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-telepresence-ix5000
[¿øº´Ã¶ ±âÀÚ(boanone@boannews.com)]
<ÀúÀÛ±ÇÀÚ: º¸¾È´º½º(www.boannews.com) ¹«´ÜÀüÀç-Àç¹èÆ÷±ÝÁö>
¿øº´Ã¶±âÀÚ ±â»çº¸±â
[2024-10-31] .jpg)
