Title: WordPress Releases Security Update
Description: WordPress has released a security update for its blogging platform bringing the latest version up to 4.7.2. This latest update addresses three security issues with one being a SQL injection vulnerability, another being a cross-site scripting vulnerability, and the last one being a permissions enforcement error. WordPress versions 4.7.1 and earlier are affected by these three vulnerabilities.
Reference: https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
Snort SID: Detection pending release of vulnerability information
Title: Cisco Releases Security Update for WebEx Browser Extension
Description: Cisco has released a security update for CVE-2017-3823, an arbitrary code execution flaw in the WebEx Browser Extension for Chrome, Firefox, and Internet Explorer. This flaw was previously identified by Tavis Ormandy of Google's Project Zero and patched, but the patch was found to be incomplete. Cisco has released an updated version of the extension for all three browsers.
Reference: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex
Snort SID: 41407-41409
Title: NETGEAR Releases Security Advisory for a Password Recovery and Exposure Vulnerability
Description: NETGEAR has released a security advisory for CVE-2017-5521, a password recovery and exposure vulnerability found in various NETGEAR home and small office routers. CVE-2017-5521 manifests as a flaw in how the firmware handles login passwords when the password recovery feature is disabled, and it can be exploited via access on the internal network, or if remote management is enabled. NETGEAR has released software updates for various affected models.
Reference:
- http://kb.netgear.com/30632/Web-GUI-Password-Recovery-and-Exposure-Security-Vulnerability
- https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2017-5521--Bypassing-Authentication-on-NETGEAR-Routers/