In association with heise online

29 October 2010, 09:07

Vulnerability in CiscoWorks Server

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

A Cisco bug report warns of a critical vulnerability in the LAN Management Product CiscoWorks. According to the report, a buffer overflow in the web server module of the Common Services component allows for the injection and remote execution of arbitrary code. No prior authentication is required.

The company says that the code runs with system privileges. Normally, the security hole should only play a role in attacks on the LAN. The vulnerability affects CiscoWorks 3.0.5 and later versions for both Solaris and Windows. Version 4.0 and later editions will not contain the flaw. CiscoWorks Common Services ships with Cisco Unified Operations Manager, and is included in Cisco Security Manager and the CiscoWorks LAN Management Solution.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit