Cisco patches critical vulnerabilities
Cisco has published two advisories related to a flaw that allows remote code execution on systems where its Unified Service Monitor (USM), Unified Operations Manager (UOM) and LAN Management Solution (LMS) software packages are in use. The flaw allows an unauthenticated remote attacker to execute code on servers running the packages and can be exploited by sending crafted packets to the server over port 9002.
Cisco says, however, that it is unaware of any exploitation of the vulnerability in the wild. Customers will find details of how to obtain fixed versions of the software in the advisories.
All versions of Unified Service Monitor and Unified Operations Manager prior to version 8.6 are vulnerable. LAN Management Solution versions 3.1, 3.2 and 4.0 are also affected by the vulnerability, although 3.1 and 3.2 are only vulnerable when the Device Fault Management component is installed. All installations of 4.0 are vulnerable.
The advisories are: