Security Advisory

Cisco Products: First Security Update Advisory for May 2025

Overview

 

Cisco (https://www.cisco.com) has released security updates that address vulnerabilities in the products it supplies. Users of affected systems should update to the latest version.

 

 

Affected Products

 

Cisco Catalyst Center
Cisco IOS XE Software
Cisco IOS Software
Cisco IOS XE Wireless Controller Software
Cisco Adaptive Security Appliance Software
Cisco Catalyst SD-WAN Manager
Cisco IOS XR Software
WLC AireOS Software
Other products (see [1])

 

 

Resolved Vulnerabilities

 

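Unauthenticated remote code execution vulnerability in the Erlang/OTP SSH Server (CVE-2025-32433) [1]
Arbitrary file upload vulnerability in the wireless controller software of Cisco IOS XE Software (CVE-2025-20188) [2]
Denial-of-service vulnerability in Cisco IOS XE Software (CVE-2025-20140) [3]
Command injection vulnerability in the web-based management interface of Cisco IOS XE Software (CVE-2025-20186) [4]
TWAMP denial-of-service vulnerability in Cisco IOS Software and Cisco IOS XE Software (CVE-2025-20154) [5]
Switch Integrated Security Features DHCPv6 denial-of-service vulnerability in multiple Cisco products (CVE-2025-20191) [6]
Cisco Catalyst SD-WAN Manager privilege escalation vulnerability (CVE-2025-20122) [7]
IKEv2 denial-of-service vulnerability in multiple Cisco products (CVE-2025-20182) [8]
Privilege escalation vulnerabilities in Cisco IOS XE Software caused by insufficient input validation (CVE-2025-20197, CVE-2025-20198, CVE-2025-20199, CVE-2025-20200, CVE-2025-20201) [9]
Internet Key Exchange version 1 denial-of-service vulnerability in Cisco IOS XE Software (CVE-2025-20192) [10]
DHCP snooping denial-of-service vulnerability in Cisco IOS XE Software (CVE-2025-20162) [11]
Industrial Ethernet Switch Device Manager privilege escalation vulnerability in Cisco IOS Software (CVE-2025-20164) [12]
Cisco Discovery Protocol denial-of-service vulnerability in Cisco IOS XE Wireless Controller Software (CVE-2025-20202) [13]
Unauthenticated API access vulnerability in Cisco Catalyst Center (CVE-2025-20210) [14]
Secure Boot bypass vulnerability in Cisco IOS Software (CVE-2025-20181) [15]
ARP denial-of-service vulnerability in Cisco IOS XE Software (CVE-2025-20210) [16]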

 

 

Vulnerability Patches

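Patches for each product's vulnerabilities were provided through the update of May 7, 2025. Refer to the 'Affected Products' and 'Fixed Software' sections of the per-product information at the reference sites below and apply the patches.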

 

 

References

 

[1] Multiple Cisco Products Unauthenticated Remote Code Execution in Erlang/OTP SSH Server: April 2025
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-erlang-otp-ssh-xyZZy
[2] Cisco IOS XE Wireless Controller Software Arbitrary File Upload Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-file-uplpd-rHZG9UfC
[3] Cisco IOS XE Software for WLC Wireless IPv6 Clients Denial of Service Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-wncd-p6Gvt6HL
[4] Cisco IOS XE Software Web-Based Management Interface Command Injection Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-cmdinj-gVn3OKNC
[5] Cisco IOS, IOS XE, and IOS XR Software TWAMP Denial of Service Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-twamp-kV4FHugn
[6] Multiple Cisco Products Switch Integrated Security Features DHCPv6 Denial of Service Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sisf-dos-ZGwt4DdY
[7] Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-priviesc-WCk7bmmt
[8] Cisco Adaptive Security Appliance Software, Firepower Threat Defense Software, IOS Software, and IOS XE Software IKEv2 Denial of Service Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-multiprod-ikev2-dos-gPctUqv2
[9] Cisco IOS XE Software Privilege Escalation Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-privesc-su7scvdp
[10] Cisco IOS XE Software Internet Key Exchange Version 1 Denial of Service Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ikev1-dos-XHk3HzFC
[11] Cisco IOS XE Software DHCP Snooping Denial of Service Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-dhcpsn-dos-xBn8Mtks
[12] Cisco IOS Software Industrial Ethernet Switch Device Manager Privilege Escalation Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-http-privesc-wCRd5e3
[13] Cisco IOS XE Wireless Controller Software Cisco Discovery Protocol Denial of Service Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-cdp-dos-fpeks9K
[14] Cisco Catalyst Center Unauthenticated API Access Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-api-nBPZcJCM
[15] Cisco IOS Software for Cisco Catalyst 2960X, 2960XR, 2960CX, and 3560CX Series Switches Secure Boot Bypass Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c2960-3560-sboot-ZtqADrHq
[16] Cisco IOS XE Software for Cisco ASR 903 Aggregation Services Routers ARP Denial of Service Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr903-rsp3-arp-dos-WmfzdvJZ