
Security Information Scraping for February 21, 2020

Security information scraping for February 21

==================================================================== 

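+ Major vulnerabilities - Cisco product vulnerability security update advisory and 1 other

1. Cisco product vulnerability security update advisory
Cisco has announced security updates that fix vulnerabilities in its products.
Because an attacker could exploit these vulnerabilities to cause damage such as remote code execution, users of the affected products are advised to update to the latest version.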
https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35275

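2. Adobe product family security update advisory
Adobe has released security updates that fix vulnerabilities in its product family.
Users of systems running older versions are advised to update to the latest version by following the remediation guidance.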
https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35276

==================================================================== 

+ Vulnerabilities - Apache Tomcat AJP connector code execution (CVE-2020-1938) and 1 other

 1. Apache Tomcat AJP connector code execution (CVE-2020-1938)
Exploit Type: arbitrary code execution
https://exchange.xforce.ibmcloud.com/vulnerabilities/176562

 2. WordPress plugin vulnerabilities
WordPress Yikes Inc Easy Mailchimp Extender 6.6.2 Cross Site Scripting
Exploit Type: XSS
https://packetstormsecurity.com/files/156459/WordPress-Yikes-Inc-Easy-Mailchimp-Extender-6.6.2-Cross-Site-Scripting.html

WordPress WPForms-Lite 1.5.8.2 Cross Site Scripting
Exploit Type: XSS
https://packetstormsecurity.com/files/156457/WordPress-WPForms-Lite-1.5.8.2-Cross-Site-Scripting.html

WordPress Wordfence 7.4.6 Cross Site Scripting
Exploit Type: XSS
https://packetstormsecurity.com/files/156453/WordPress-Wordfence-7.4.6-Cross-Site-Scripting.html

WordPress WooCommerce 3.9.2 Cross Site Scripting
Exploit Type: XSS
https://packetstormsecurity.com/files/156450/WordPress-WooCommerce-3.9.2-Cross-Site-Scripting.html

WordPress TinyMCE-Advanced 5.3.0 Cross Site Scripting
Exploit Type: XSS
https://packetstormsecurity.com/files/156448/WordPress-TinyMCE-Advanced-5.3.0-Cross-Site-Scripting.html

WordPress Really-Simple-SSL 3.2.9 Cross Site Scripting
Exploit Type: XSS
https://packetstormsecurity.com/files/156447/WordPress-Really-Simple-SSL-3.2.9-Cross-Site-Scripting.html

WordPress Prismatic 2.3 Cross Site Scripting
Exploit Type: XSS
https://packetstormsecurity.com/files/156444/WordPress-Prismatic-2.3-Cross-Site-Scripting.html

WordPress Popup-Builder 3.61.1 Cross Site Scripting
Exploit Type: XSS
https://packetstormsecurity.com/files/156443/WordPress-Popup-Builder-3.61.1-Cross-Site-Scripting.html

WordPress Ultimate-Member 2.1.3 Cross Site Scripting
Exploit Type: XSS
https://packetstormsecurity.com/files/156440/WordPress-Ultimate-Member-2.1.3-Cross-Site-Scripting.html

WordPress Jetpack 8.2 Cross Site Scripting
Exploit Type: XSS
https://packetstormsecurity.com/files/156437/WordPress-Jetpack-8.2-Cross-Site-Scripting.html

WordPress Forminator 1.11.2 Cross Site Scripting
Exploit Type: XSS
https://packetstormsecurity.com/files/156435/WordPress-Forminator-1.11.2-Cross-Site-Scripting.html

WordPress Forminator 1.11.2 Remote File Upload
Exploit Type: RFI
https://packetstormsecurity.com/files/156434/WordPress-Forminator-1.11.2-Remote-File-Upload.html

WordPress Events-Manager 5.9.7.3 Cross Site Scripting
Exploit Type: XSS
https://packetstormsecurity.com/files/156433/WordPress-Events-Manager-5.9.7.3-Cross-Site-Scripting.html

WordPress Default-Featured-Image 1.6.1 Cross Site Scripting
Exploit Type: XSS
https://packetstormsecurity.com/files/156431/WordPress-Default-Featured-Image-1.6.1-Cross-Site-Scripting.html

==================================================================== 

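+ Security issues - Attacks exploiting firmware vulnerabilities… "My laptop is at risk" and 2 others

 1. Attacks exploiting firmware vulnerabilities… "My laptop is at risk"
Eclypsium points out that "PCs made by Lenovo, Dell, HP and others are vulnerable"
Source: iNews24 (http://www.inews24.com/view/1244332)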

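 2. 22,316 software vulnerabilities were discovered last year
About 22,000 vulnerabilities were discovered last year, a slight year-over-year decrease.
The most vulnerabilities were found in products from Oracle, Microsoft, Cisco, Linux, IBM, Dell and others.
In the United States, the biggest problem is that vulnerabilities found in election systems are not being fixed.
Source: Boannews (https://www.boannews.com/media/view.asp?idx=86488)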

 3. [Reporter's Notebook] The three data laws: will personal information protection really be weakened?
Source: Digital Daily (http://www.ddaily.co.kr/news/article/?no=192047)

====================================================================