
Notice of Major Vulnerabilities in 2020


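□ Overview
 o List of major vulnerabilities, among those announced in security notices in 2020, for which application of the updates needs to be re-checked
  ※ Selected from vulnerabilities that drew attention, such as those announced by the US NSA and those exploited to distribute ransomware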
 
□ Main content

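| No | Category | CVE ID | Vendor | Product | Vulnerability type | Patch information and security notice |
|---|---|---|---|---|---|---|
| 1 | Network | CVE-2019-15978 and 10 others | Cisco | Data Center Network Manager | Command injection vulnerability, etc. | [1] |
| 2 | Network | CVE-2019-19781 | Citrix | ADC, Gateway, SDWAN-WANOP | Arbitrary code execution vulnerability | [2] |
| 3 | Network | CVE-2020-11896 | Cisco | ASR 500,5500 | Remote code execution vulnerability | [3] |
| 4 | Operating system | CVE-2020-7247 | - | OpenSMTPD | Remote code execution vulnerability | [4] |
| 5 | Operating system | CVE-2020-0674 | MS | Internet Explorer | Remote code execution vulnerability | [5] |
| 6 | Operating system | CVE-2020-0688 | MS | Windows Exchange Server | Remote code execution vulnerability | [6] |
| 7 | Operating system | CVE-2020-0796 | MS | Windows | SMBv3 remote code execution vulnerability | [7] |
| 8 | Operating system | CVE-2019-14287 | Unix/Linux | - | sudo command vulnerability | [8] |
| 9 | Operating system | CVE-2020-1472 | MS | Windows Server | Netlogon privilege escalation vulnerability | [9] |
| 10 | Virtualization | CVE-2020-3943 and 2 others | VMware | vRealize Operations | Arbitrary code execution vulnerability, etc. | [10] |
| 11 | Virtualization | CVE-2020-3952 | VMware | vCenter Server | Information disclosure vulnerability | [11] |
| 12 | Web server | CVE-2020-1938 | Apache | Tomcat | Remote code execution vulnerability | [12] |
| 13 | Security solution | CVE-2020-7845 | Jiransecurity | SpamSniper | Buffer overflow vulnerability | [13] |
| 14 | Security solution | CVE-2020-25043 and 11 others | 7 vendors including Kaspersky | Antivirus programs | Arbitrary file deletion vulnerability, etc. | [14] |
| 15 | Remote collaboration | CVE-2020-6109 and 1 other | Zoom | Zoom | Arbitrary file write vulnerability | [15] |
| 16 | Remote collaboration | CVE-2020-8207 | Citrix | Workspace | Privilege escalation vulnerability | [16] |
| 17 | Remote collaboration | CVE-2020-13699 | TeamViewer | TeamViewer | Remote code execution vulnerability | [17] |
| 18 | IoT | CVE-2020-10173 and 10 others | 9 vendors including LG | Routers, IP cameras, etc. | Malware distribution, DDoS | [18] |
| 19 | Multifunction printer | CVE-2018-5924 | HP | HP DesignJet | Remote code execution vulnerability | [19] |
| 20 | Solution | CVE-2019-0708 and 24 others | 14 vendors including MS | Operating systems, security solutions, etc. | Arbitrary code execution vulnerability, etc. | [20] |
| 21 | Solution | - | Wizvera | Veraport | Malware distribution abusing the installation program | [21] |
| 22 | Solution | - | SolarWinds | SolarWinds Orion | Malware can be distributed during the product update process | [22] |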

 
[Reference sites]
[1]  tools.cisco.com/security/center/Content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-comm-inject
       https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35237
[2]  www.citrix.com/downloads/citrix-adc
       https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35250
[3]  https://tools.cisco.com/security/center/content/CiscoSecurity/Advisory/cisco-sa-treck-ip-stack-JyBQ5GyC
       https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35460
[4]  ftp.openbsd.org/pub/OpenBSD/patches/6.6/common/019_smtpd_exec.patch.sig
       https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35253
[5]  https://portal.msrc.microsoft.com/ko-KR/security-guidance/advisory/CVE-2020-0674
       https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35267
[6]  https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688
       https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35291
[7]  https://portal.msrc.microsoft.com/ko-kr/security-guidance/advisory/CVE-2020-0796
       https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35297
[8]  nvd.nist.gov/vuln/detail/CVE-2019-14287#vulnCurrentDescriptionTitle
       https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35469
[9]  https://portal.msrc.microsoft.com/ko-kr/security-guidance/advisory/CVE-2020-1472
       https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35747
[10] https://www.vmware.com/security/advisories/VMSA-2020-0003.html
       https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35274
[11] https://www.vmware.com/security/advisiories/VMSA-2020-0006.html
       https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35336
[12] tomcat.apache.org/security-7.html
       https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35292
[13] www.jiransecurity.com
       https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35378
[14] https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35704
[15] zoom.us/download
       https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35445
[16] https://support.citrix.com/article/CTX277662
       https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35533
[17] https://www.teamviewer.com/ko/download/windows/?category.id=en
       https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35552
[18] https://blog.trendmicro.com/trendlabs-security-intelligence/new-mirai-variant-expands-arednal-exploits-cve-2020-10173
       https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35513
[19] https://support.hp.com/us-en/document/c06097712
       https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35720
[20] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
       https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35732
[21] https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35794
[22] https://downloads.solarwinds.com/solarwinds/Support/SupernovaMitigation.zip
       https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35857
