dcsimg

Cisco Releases Critical Patch

Ralph DeFrangesco

Cisco Systems has released a patch to fix a critical vulnerability in its CiscoWorks Common Services product. The vulnerability could allow an unauthenticated attacker to access applications and operating system files. Only the Windows version of the product is affected, so Solaris users are safe, for now. Cisco has rated the vulnerability as high. The following products use CiscoWorks Common Services and are affected:

  • Cisco Unified Service Monitor versions 1.0, 1.1, 2.0, and 2.1
  • CiscoWorks Qos Policy Manager versions 4.0 and 4.1
  • CiscoWorks LAN Management Solution versions 2.5, 2.6, 3.0, and 3.1
  • Cisco Security Manager Versions 3.0, 3.1, and 3.2
  • Cisco TelePresence Readiness Assessment Manager version 1.0
  • CiscoWorks Voice Manager versions 3.0 and 3.1
  • Cisco Works Health and Utilization Monitor versions 1.0 and 1.1
  • Cisco Unified Operations Manager versions 1.0, 1.1, 2.0, and 2.1
  • Cisco Unified Provisioning Manager versions 1.0, 1.1, 1.2, and 1.3

 

I spoke to several friends that use this product and they tell me that it is urgent that this patch be installed. The product contains a TFTP directory traversal vulnerability that could give an attacker the ability to modify applications and host operating system files.

 

The patch can be downloaded free from Cisco's site.


Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


 



Add Comment      Leave a comment on this blog post

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

null
null

 

Subscribe Daily Edge Newsletters

Sign up now and get the best business technology insights direct to your inbox.


 
Subscribe Daily Edge Newsletters

Sign up now and get the best business technology insights direct to your inbox.