Cisco Systems has released a patch to fix a critical vulnerability in its CiscoWorks Common Services product. The vulnerability could allow an unauthenticated attacker to access applications and operating system files. Only the Windows version of the product is affected, so Solaris users are safe, for now. Cisco has rated the vulnerability as high. The following products use CiscoWorks Common Services and are affected:
I spoke to several friends that use this product and they tell me that it is urgent that this patch be installed. The product contains a TFTP directory traversal vulnerability that could give an attacker the ability to modify applications and host operating system files.
The patch can be downloaded free from Cisco's site.