In association with heise online

15 September 2011, 15:26

Cisco patches critical vulnerabilities

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Cisco logo Cisco has published two advisories related to a flaw which allows remote code execution on systems where its Unified Service Monitor (USM), Unified Operations Manager (UOM) and LAN Management Solution (LMS) software packages are in use. The flaw allows an unauthenticated remote attacker to execute code on servers running the packages and is exposed by sending crafted packets to the server over port 9002.

Cisco says it is unaware, however, of any exploitation of the vulnerability in the wild. Customers will find details of how to obtain fixed versions of the software in the advisories.

All versions of Unified Service Monitor and Unified Operations Manager prior to version 8.6 are vulnerable. LAN Management Solution versions 3.1, 3.2 and 4.0 are also affected by the vulnerability, although 3.1 and 3.2 are only vulnerable when the Device Fault Management component is installed. All installations of 4.0 are vulnerable.

The advisories are:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit