Security update for several Cisco products
Cisco reports a security hole in several of its products that allows an attacker to take control of the system. The cause of the problem is an otherwise undescribed hole in CiscoWorks Common Services that can be exploited via crafted URLs. According to Cisco, the flaw exists in versions 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.1 and 3.1.1, which are contained in the following products:
- Cisco Unified Operations Manager (CUOM) 1.1, 2.0, 2.0.1, 2.0.2 and 2.0.3
- Cisco Unified Service Monitor (CUSM) 1.1, 2.0 and 2.0.1
- CiscoWorks QoS Policy Manager (QPM) 4.0, 4.0.1 and 4.0.2
- CiscoWorks LAN Management Solution (LMS) 2.5, 2.5.1, 2.6, 3.0, 3.1
- Cisco Security Manager (CSM) 3.0, 3.0.1, 3.0.2, 3.1, 3.1.1 and 3.2
- Cisco TelePresence Readiness Assessment Manager (CTRAM) 1.0
CiscoWorks Voice Manager (CVM) and Cisco Unified Intelligent Contact Management (ICM) may also be affected.
Cisco is supplying version 3.2 of CiscoWorks Common Services, in which the bug has been fixed, for downloading by registered clients. There are also patches for Windows and Solaris.
See also:
CiscoWorks Common Services Arbitrary Code Execution Vulnerability, vulnerability report from Cisco
(mba)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
