Vulnerability in CiscoWorks Server
A Cisco bug report warns of a critical vulnerability in the LAN Management Product CiscoWorks. According to the report, a buffer overflow in the web server module of the Common Services component allows for the injection and remote execution of arbitrary code. No prior authentication is required.
The company says that the code runs with system privileges. Normally, the security hole should only play a role in attacks on the LAN. The vulnerability affects CiscoWorks 3.0.5 and later versions for both Solaris and Windows. Version 4.0 and later editions will not contain the flaw. CiscoWorks Common Services ships with Cisco Unified Operations Manager, and is included in Cisco Security Manager and the CiscoWorks LAN Management Solution.
(trk)