ÀÎÁõµÇÁö ¾ÊÀº ¿ø°Ý »ç¿ëÀÚ ½Ã½ºÅÛ Á¢±Ù Çã¿ë, º¸¾È ±â´É ¿ìȸ µî Ãë¾àÁ¡ ¹ß°ß
½Ã½ºÄÚ Á¦Ç° »ç¿ëÀÚ, Ãë¾àÇÑ Á¦Ç° È®ÀÎÇØ º¸¾È ÆÐÄ¡ Àû¿ëÇؾß
[º¸¾È´º½º ±è°æ¾Ö ±âÀÚ] ½Ã½ºÄÚ(Cisco) Á¦Ç°¿¡¼ ÀÎÁõµÇÁö ¾ÊÀº ¿ø°Ý »ç¿ëÀÚÀÇ ½Ã½ºÅÛ Á¢±ÙÀ» Çã¿ëÇÏ´Â Ãë¾àÁ¡ µî ´Ù¼öÀÇ Ãë¾àÁ¡ÀÌ ¹ß°ßµÆ´Ù. °ø°ÝÀÚ°¡ Ãë¾àÁ¡À» ÀÌ¿ëÇØ ÇÇÇظ¦ ¹ß»ý ½Ãų ¼ö ÀÖÀ¸¹Ç·Î ½Ã½ºÄÚ Á¦Ç° ÀÌ¿ëÀÚ´Â ÃֽŠ¹öÀüÀ¸·Î ¾÷µ¥ÀÌÆ®ÇÏ´Â °ÍÀÌ ¹Ù¶÷Á÷ÇÏ´Ù.
½Ã½ºÄÚ´Â ÀÚ»ç Á¦Ç°¿¡ ´ëÇØ ´Ù¼öÀÇ Ãë¾àÁ¡À» ÇØ°áÇÑ º¸¾È ¾÷µ¥ÀÌÆ®¸¦ °øÁöÇϸç, ÇØ´ç Á¦Ç° ÀÌ¿ëÀÚ¿¡°Ô º¸¾È ÆÐÄ¡¸¦ Àû¿ëÇÒ °ÍÀ» ±Ç°íÇß´Ù.
À̹ø¿¡ ¹ß°ßµÈ Ãë¾àÁ¡Àº ´ÙÀ½°ú °°´Ù.
¡âCisco Prime Collaboration Provisioning¿¡¼ ÀÎÁõµÇÁö ¾ÊÀº ¿ø°Ý »ç¿ëÀÚ°¡ JAVA Remote Method Invocation(RMI) ½Ã½ºÅÛ¿¡ Á¢±ÙÀ» Çã¿ëÇÏ´Â RMI Ãë¾àÁ¡(CVE-2018-0321) [1]
¡âCisco IOS XE ¼ÒÇÁÆ®¿þ¾îÀÇ ·Î±×ÀÎ ÀÎÁõ°úÁ¤¿¡¼ À߸øµÈ ¸Þ¸ð¸® »ç¿ëÀ¸·Î ÀÎÇØ °ø°ÝÀÚ°¡ ¿ø°ÝÄڵ带 ½ÇÇàÇÒ ¼ö ÀÖ´Â Ãë¾àÁ¡(CVE-2018-0315) [2]
¡âCisco Web Security Appliance(WSA)¿¡¼ ±âº» OS SWÀÇ º¯°æÀ¸·Î ¹ß»ýÇÏ´Â º¸¾È ±â´É ¿ìȸ Ãë¾àÁ¡(CVE-2018-0353) [3]
¡âCisco Prime Collaboration Provisioning¿¡¼ »ç¿ëÀÚ°¡ ÀÔ·ÂÇÑ SQL Äõ¸®¹®¿¡ ´ëÇÑ °ËÁõ ¹ÌÈíÀ¸·Î ¹ß»ýÇÏ´Â SQL ÀÎÁ§¼Ç Ãë¾àÁ¡(CVE-2018-0320) [4]
¡âCisco Prime Collaboration Provisioning¿¡¼ PW ÃʱâÈ ¿äû¿¡ ´ëÇÑ À¯È¿¼º °ËÁõ ¹ÌÈíÀ¸·Î ¹ß»ýÇÏ´Â ¹«´Ü PW ÃʱâÈ Ãë¾àÁ¡(CVE-2018-0318) [5]
¡âCisco Prime Collaboration Provisioning¿¡¼ PW º¹±¸ ¿äû¿¡ ´ëÇÑ À¯È¿¼º °ËÁõ ¹ÌÈíÀ¸·Î ¹ß»ýÇÏ´Â ¹«´Ü PW º¹±¸ Ãë¾àÁ¡(CVE-2018-0319) [6]
¡âCisco Prime Collaboration Provisioning¿¡¼ À¥ Æ÷Å»ÀÇ Á¢±ÙÅëÁ¦ ¹ÌÈíÀ¸·Î ¹ß»ýÇÏ´Â Á¢±ÙÅëÁ¦ ¿ìȸ Ãë¾àÁ¡(CVE-2018-0317) [7]
¡âCisco Prime Collaboration Provisioning¿¡¼ ÀÎÁõµÈ »ç¿ëÀÚ¿¡°Ô ÇÒ´çµÈ ÇïÇÁ µ¥½ºÅ© ¹× »ç¿ëÀÚ °¨µ¶ ¿ªÇÒ¿¡ ´ëÇÑ Á¢±Ù Á¦ÇÑ¿¡ ½ÇÆÐÇÏ¿© ¹ß»ýÇÏ´Â Á¢±ÙÅëÁ¦ Ãë¾àÁ¡(CVE-2018-0322) [8]
¡âCisco Network Services Orchestrator(NSO)¿¡¼ ÀԷ°ª °ËÁõ ¹ÌÈíÀ¸·Î ¹ß»ýÇÏ´Â ÀÓÀÇ ¸í·É ½ÇÇà Ãë¾àÁ¡(CVE-2018-0274) [9]
¡âCisco IP Phone 6800, 7800, and 8800 ½Ã¸®Áî¿¡¼ Session Initiation Protocol(SIP) È£Ãâ ±â´É¿¡¼ ¹ß»ýÇÏ´Â ¼ºñ½º°ÅºÎ Ãë¾àÁ¡ (CVE-2018-0316) [10]
¡âCisco Á¦Ç°¿¡¼ ƯÁ¤ ·ÎÄà ÆÄÀÏ °ü¸®ÀÇ Ãë¾à¼ºÀ¸·Î ÀÎÇØ ¿ø°Ý °ø°ÝÀÚ°¡ ³ôÀº µð½ºÅ© »ç¿ë·üÀ» À¯¹ßÇÏ¿© ¹ß»ýÇÏ´Â ¼ºñ½º°ÅºÎ Ãë¾àÁ¡(CVE-2017-6779) [11]
¡âCisco Meeting Server(CMS)¿¡¼ À߸øµÈ ±âº» ÀåÄ¡ ¼³Á¤À¸·Î ÀÎÇØ ³»ºÎ ÀÎÅÍÆäÀ̽º ¹× Æ÷Æ®°¡ ³ëÃâµÉ ¼ö ÀÖ´Â Á¤º¸ ³ëÃâ Ãë¾àÁ¡(CVE-2018-0263) [12]
¡âCisco Adaptive Security Appliance(ASA)¿¡¼ HTTP URL¿¡ ´ëÇÑ ÀԷ°ª °ËÁõ ¹ÌÈíÀ¸·Î ¹ß»ýÇÏ´Â ¼ºñ½º°ÅºÎ Ãë¾àÁ¡(CVE-2018-0296) [13]
¿µÇâÀ» ¹Þ´Â ½Ã½ºÅÛÀº Âü°í»çÀÌÆ®¿¡ ¸í½ÃµÇ¾î ÀÖ´Â ¡®Affected Products¡¯À» ÅëÇØ Ãë¾àÇÑ Á¦Ç° È®ÀÎÀÌ °¡´ÉÇÏ´Ù.
µû¶ó¼ Ãë¾àÁ¡ÀÌ ¹ß»ýÇÑ ½Ã½ºÄÚ ¼ÒÇÁÆ®¿þ¾î°¡ ¼³Ä¡µÈ ½Ã½ºÄÚ ÀåºñÀÇ ¿î¿µÀÚ´Â ÇØ´ç»çÀÌÆ®¿¡ ¸í½ÃµÇ¾î ÀÖ´Â ¡®Affected Products¡¯ ³»¿ëÀ» È®ÀÎÇØ ÆÐÄ¡¸¦ Àû¿ëÇÏ´Â °ÍÀÌ ¹Ù¶÷Á÷ÇÏ´Ù.
Á»´õ ÀÚ¼¼ÇÑ »çÇ×Àº Çѱ¹ÀÎÅͳÝÁøÈï¿ø ÀÎÅͳÝħÇØ´ëÀÀ¼¾ÅÍ(±¹¹ø¾øÀÌ 118)¿¡ ¹®ÀÇÇÏ¸é µÈ´Ù.
[Âü°í»çÀÌÆ®]
[1]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-rmi
[2]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-aaa
[3]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-wsa
[4]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-sql
[5]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-password-reset
[6]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-password-recovery
[7]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-bypass
[8]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-access
[9]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-nso
[10]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-multiplatform-sip
[11]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos
[12]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cms-id
[13]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-asaftd
[±è°æ¾Ö ±âÀÚ(boan3@boannews.com)]
½Ã½ºÄÚ Á¦Ç° »ç¿ëÀÚ, Ãë¾àÇÑ Á¦Ç° È®ÀÎÇØ º¸¾È ÆÐÄ¡ Àû¿ëÇؾß
[º¸¾È´º½º ±è°æ¾Ö ±âÀÚ] ½Ã½ºÄÚ(Cisco) Á¦Ç°¿¡¼ ÀÎÁõµÇÁö ¾ÊÀº ¿ø°Ý »ç¿ëÀÚÀÇ ½Ã½ºÅÛ Á¢±ÙÀ» Çã¿ëÇÏ´Â Ãë¾àÁ¡ µî ´Ù¼öÀÇ Ãë¾àÁ¡ÀÌ ¹ß°ßµÆ´Ù. °ø°ÝÀÚ°¡ Ãë¾àÁ¡À» ÀÌ¿ëÇØ ÇÇÇظ¦ ¹ß»ý ½Ãų ¼ö ÀÖÀ¸¹Ç·Î ½Ã½ºÄÚ Á¦Ç° ÀÌ¿ëÀÚ´Â ÃֽŠ¹öÀüÀ¸·Î ¾÷µ¥ÀÌÆ®ÇÏ´Â °ÍÀÌ ¹Ù¶÷Á÷ÇÏ´Ù.
[À̹ÌÁö=½Ã½ºÄÚ È¨ÆäÀÌÁö]
½Ã½ºÄÚ´Â ÀÚ»ç Á¦Ç°¿¡ ´ëÇØ ´Ù¼öÀÇ Ãë¾àÁ¡À» ÇØ°áÇÑ º¸¾È ¾÷µ¥ÀÌÆ®¸¦ °øÁöÇϸç, ÇØ´ç Á¦Ç° ÀÌ¿ëÀÚ¿¡°Ô º¸¾È ÆÐÄ¡¸¦ Àû¿ëÇÒ °ÍÀ» ±Ç°íÇß´Ù.
À̹ø¿¡ ¹ß°ßµÈ Ãë¾àÁ¡Àº ´ÙÀ½°ú °°´Ù.
¡âCisco Prime Collaboration Provisioning¿¡¼ ÀÎÁõµÇÁö ¾ÊÀº ¿ø°Ý »ç¿ëÀÚ°¡ JAVA Remote Method Invocation(RMI) ½Ã½ºÅÛ¿¡ Á¢±ÙÀ» Çã¿ëÇÏ´Â RMI Ãë¾àÁ¡(CVE-2018-0321) [1]
¡âCisco IOS XE ¼ÒÇÁÆ®¿þ¾îÀÇ ·Î±×ÀÎ ÀÎÁõ°úÁ¤¿¡¼ À߸øµÈ ¸Þ¸ð¸® »ç¿ëÀ¸·Î ÀÎÇØ °ø°ÝÀÚ°¡ ¿ø°ÝÄڵ带 ½ÇÇàÇÒ ¼ö ÀÖ´Â Ãë¾àÁ¡(CVE-2018-0315) [2]
¡âCisco Web Security Appliance(WSA)¿¡¼ ±âº» OS SWÀÇ º¯°æÀ¸·Î ¹ß»ýÇÏ´Â º¸¾È ±â´É ¿ìȸ Ãë¾àÁ¡(CVE-2018-0353) [3]
¡âCisco Prime Collaboration Provisioning¿¡¼ »ç¿ëÀÚ°¡ ÀÔ·ÂÇÑ SQL Äõ¸®¹®¿¡ ´ëÇÑ °ËÁõ ¹ÌÈíÀ¸·Î ¹ß»ýÇÏ´Â SQL ÀÎÁ§¼Ç Ãë¾àÁ¡(CVE-2018-0320) [4]
¡âCisco Prime Collaboration Provisioning¿¡¼ PW ÃʱâÈ ¿äû¿¡ ´ëÇÑ À¯È¿¼º °ËÁõ ¹ÌÈíÀ¸·Î ¹ß»ýÇÏ´Â ¹«´Ü PW ÃʱâÈ Ãë¾àÁ¡(CVE-2018-0318) [5]
¡âCisco Prime Collaboration Provisioning¿¡¼ PW º¹±¸ ¿äû¿¡ ´ëÇÑ À¯È¿¼º °ËÁõ ¹ÌÈíÀ¸·Î ¹ß»ýÇÏ´Â ¹«´Ü PW º¹±¸ Ãë¾àÁ¡(CVE-2018-0319) [6]
¡âCisco Prime Collaboration Provisioning¿¡¼ À¥ Æ÷Å»ÀÇ Á¢±ÙÅëÁ¦ ¹ÌÈíÀ¸·Î ¹ß»ýÇÏ´Â Á¢±ÙÅëÁ¦ ¿ìȸ Ãë¾àÁ¡(CVE-2018-0317) [7]
¡âCisco Prime Collaboration Provisioning¿¡¼ ÀÎÁõµÈ »ç¿ëÀÚ¿¡°Ô ÇÒ´çµÈ ÇïÇÁ µ¥½ºÅ© ¹× »ç¿ëÀÚ °¨µ¶ ¿ªÇÒ¿¡ ´ëÇÑ Á¢±Ù Á¦ÇÑ¿¡ ½ÇÆÐÇÏ¿© ¹ß»ýÇÏ´Â Á¢±ÙÅëÁ¦ Ãë¾àÁ¡(CVE-2018-0322) [8]
¡âCisco Network Services Orchestrator(NSO)¿¡¼ ÀԷ°ª °ËÁõ ¹ÌÈíÀ¸·Î ¹ß»ýÇÏ´Â ÀÓÀÇ ¸í·É ½ÇÇà Ãë¾àÁ¡(CVE-2018-0274) [9]
¡âCisco IP Phone 6800, 7800, and 8800 ½Ã¸®Áî¿¡¼ Session Initiation Protocol(SIP) È£Ãâ ±â´É¿¡¼ ¹ß»ýÇÏ´Â ¼ºñ½º°ÅºÎ Ãë¾àÁ¡ (CVE-2018-0316) [10]
¡âCisco Á¦Ç°¿¡¼ ƯÁ¤ ·ÎÄà ÆÄÀÏ °ü¸®ÀÇ Ãë¾à¼ºÀ¸·Î ÀÎÇØ ¿ø°Ý °ø°ÝÀÚ°¡ ³ôÀº µð½ºÅ© »ç¿ë·üÀ» À¯¹ßÇÏ¿© ¹ß»ýÇÏ´Â ¼ºñ½º°ÅºÎ Ãë¾àÁ¡(CVE-2017-6779) [11]
¡âCisco Meeting Server(CMS)¿¡¼ À߸øµÈ ±âº» ÀåÄ¡ ¼³Á¤À¸·Î ÀÎÇØ ³»ºÎ ÀÎÅÍÆäÀ̽º ¹× Æ÷Æ®°¡ ³ëÃâµÉ ¼ö ÀÖ´Â Á¤º¸ ³ëÃâ Ãë¾àÁ¡(CVE-2018-0263) [12]
¡âCisco Adaptive Security Appliance(ASA)¿¡¼ HTTP URL¿¡ ´ëÇÑ ÀԷ°ª °ËÁõ ¹ÌÈíÀ¸·Î ¹ß»ýÇÏ´Â ¼ºñ½º°ÅºÎ Ãë¾àÁ¡(CVE-2018-0296) [13]
¿µÇâÀ» ¹Þ´Â ½Ã½ºÅÛÀº Âü°í»çÀÌÆ®¿¡ ¸í½ÃµÇ¾î ÀÖ´Â ¡®Affected Products¡¯À» ÅëÇØ Ãë¾àÇÑ Á¦Ç° È®ÀÎÀÌ °¡´ÉÇÏ´Ù.
µû¶ó¼ Ãë¾àÁ¡ÀÌ ¹ß»ýÇÑ ½Ã½ºÄÚ ¼ÒÇÁÆ®¿þ¾î°¡ ¼³Ä¡µÈ ½Ã½ºÄÚ ÀåºñÀÇ ¿î¿µÀÚ´Â ÇØ´ç»çÀÌÆ®¿¡ ¸í½ÃµÇ¾î ÀÖ´Â ¡®Affected Products¡¯ ³»¿ëÀ» È®ÀÎÇØ ÆÐÄ¡¸¦ Àû¿ëÇÏ´Â °ÍÀÌ ¹Ù¶÷Á÷ÇÏ´Ù.
Á»´õ ÀÚ¼¼ÇÑ »çÇ×Àº Çѱ¹ÀÎÅͳÝÁøÈï¿ø ÀÎÅͳÝħÇØ´ëÀÀ¼¾ÅÍ(±¹¹ø¾øÀÌ 118)¿¡ ¹®ÀÇÇÏ¸é µÈ´Ù.
[Âü°í»çÀÌÆ®]
[1]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-rmi
[2]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-aaa
[3]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-wsa
[4]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-sql
[5]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-password-reset
[6]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-password-recovery
[7]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-bypass
[8]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-access
[9]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-nso
[10]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-multiplatform-sip
[11]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos
[12]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cms-id
[13]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-asaftd
[±è°æ¾Ö ±âÀÚ(boan3@boannews.com)]
<ÀúÀÛ±ÇÀÚ: º¸¾È´º½º(www.boannews.com) ¹«´ÜÀüÀç-Àç¹èÆ÷±ÝÁö>
±è°æ¾Ö±âÀÚ ±â»çº¸±â
[2024-10-31] .jpg)
