Cisco Releases Critical Patch

Ralph DeFrangesco

Cisco Systems has released a patch to fix a critical vulnerability in its CiscoWorks Common Services product. The vulnerability could allow an unauthenticated attacker to access applications and operating system files. Only the Windows version of the product is affected, so Solaris users are safe, for now. Cisco has rated the vulnerability as high. The following products use CiscoWorks Common Services and are affected:

  • Cisco Unified Service Monitor versions 1.0, 1.1, 2.0, and 2.1
  • CiscoWorks QoS Policy Manager versions 4.0 and 4.1
  • CiscoWorks LAN Management Solution versions 2.5, 2.6, 3.0, and 3.1
  • Cisco Security Manager versions 3.0, 3.1, and 3.2
  • Cisco TelePresence Readiness Assessment Manager version 1.0
  • CiscoWorks Voice Manager versions 3.0 and 3.1
  • CiscoWorks Health and Utilization Monitor versions 1.0 and 1.1
  • Cisco Unified Operations Manager versions 1.0, 1.1, 2.0, and 2.1
  • Cisco Unified Provisioning Manager versions 1.0, 1.1, 1.2, and 1.3

 

I spoke to several friends that use this product and they tell me that it is urgent that this patch be installed. The product contains a TFTP directory traversal vulnerability that could give an attacker the ability to modify applications and host operating system files.

 

The patch can be downloaded free from Cisco's site.
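
For readers unfamiliar with this class of bug, here is an added example (not Cisco's code, and not taken from the advisory) of the check a Windows TFTP service needs before opening a requested file: parse the RFC 1350 read/write request and refuse any filename that resolves outside the served directory. The root `C:\tftpboot`, the function names and the sample packets are assumptions made for illustration.

```python
import ntpath
import struct

TFTP_ROOT = r"C:\tftpboot"        # assumed served directory (not from the post)
OPCODES = {1: "RRQ", 2: "WRQ"}    # RFC 1350 read/write request opcodes

def parse_request(packet: bytes):
    """Split an RRQ/WRQ into (op, filename, mode): opcode | name NUL | mode NUL."""
    if len(packet) < 4:
        raise ValueError("packet too short")
    (opcode,) = struct.unpack("!H", packet[:2])
    if opcode not in OPCODES:
        raise ValueError("not a read/write request")
    fields = packet[2:].split(b"\x00")
    if len(fields) < 3 or not fields[0]:
        raise ValueError("malformed request")
    return OPCODES[opcode], fields[0].decode("ascii"), fields[1].decode("ascii").lower()

def resolve_in_root(filename: str, root: str = TFTP_ROOT) -> str:
    """Map a requested name to a Windows path, refusing anything outside root."""
    name = filename.replace("/", "\\")   # Windows accepts both separators
    drive, _ = ntpath.splitdrive(name)
    if drive or name.startswith("\\") or ":" in name:
        raise PermissionError("absolute path, drive letter or stream in filename")
    root_norm = ntpath.normpath(root)
    full = ntpath.normpath(ntpath.join(root_norm, name))   # collapses ".." segments
    # Compare case-insensitively and require a separator after the root, so
    # C:\tftpboot-old does not pass as being "inside" C:\tftpboot.
    if not ntpath.normcase(full).startswith(ntpath.normcase(root_norm) + "\\"):
        raise PermissionError("filename resolves outside the TFTP root")
    return full

def check_request(packet: bytes, root: str = TFTP_ROOT):
    """Return (allowed, resolved path or refusal reason) for a raw request."""
    try:
        _op, filename, _mode = parse_request(packet)
        return True, resolve_in_root(filename, root)
    except (ValueError, PermissionError) as exc:
        return False, str(exc)

if __name__ == "__main__":
    samples = [  # constructed packets
        b"\x00\x01configs/switch1.cfg\x00octet\x00",
        b"\x00\x02..\\..\\outside.txt\x00octet\x00",
        b"\x00\x01configs/../../outside.txt\x00netascii\x00",
        b"\x00\x01C:\\outside.txt\x00octet\x00",
    ]
    for pkt in samples:
        print(pkt, "->", check_request(pkt))
```

The check is lexical only: a real service should also resolve junctions and symbolic links before comparing, and run under an account that cannot write to application or operating system directories.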



May 29, 2009 8:32 AM Christopher Ritchie says:

Well, wouldn't the attacker have to break through the Cisco device first to get to the Windows device with the application?

Unless there are Windows Servers in a vulnerable area with this application, there shouldn't be too much of a panic about this.

May 29, 2009 8:47 AM Ralph DeFrangesco says, in response to Christopher Ritchie:

Chris,

Thank you for taking the time to reply. CiscoWorks runs on Windows. The vulnerability is in CW and if compromised, an attacker could modify the OS.

-Ralph
