In association with heise online

30 May 2008, 09:57

Security update for several Cisco products

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Cisco reports a security hole in several of its products that allows an attacker to take control of the system. The cause of the problem is an otherwise undescribed hole in CiscoWorks Common Services that can be exploited via crafted URLs. According to Cisco, the flaw exists in versions 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.1 and 3.1.1, which are contained in the following products:

  • Cisco Unified Operations Manager (CUOM) 1.1, 2.0, 2.0.1, 2.0.2 and 2.0.3
  • Cisco Unified Service Monitor (CUSM) 1.1, 2.0 and 2.0.1
  • CiscoWorks QoS Policy Manager (QPM) 4.0, 4.0.1 and 4.0.2
  • CiscoWorks LAN Management Solution (LMS) 2.5, 2.5.1, 2.6, 3.0, 3.1
  • Cisco Security Manager (CSM) 3.0, 3.0.1, 3.0.2, 3.1, 3.1.1 and 3.2
  • Cisco TelePresence Readiness Assessment Manager (CTRAM) 1.0

CiscoWorks Voice Manager (CVM) and Cisco Unified Intelligent Contact Management (ICM) may also be affected.

Cisco is supplying version 3.2 of CiscoWorks Common Services, in which the bug has been fixed, for downloading by registered clients. There are also patches for Windows and Solaris.

See also:

CiscoWorks Common Services Arbitrary Code Execution Vulnerability, vulnerability report from Cisco


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit