December 22, 2014

Cisco Issues New Security Advisories

(LiveHacking.Com) – Cisco has released two security advisories to address vulnerabilities which may allow an unauthenticated attacker to execute arbitrary code. The problems are in the CiscoWorks LAN Management Solution, the Cisco Unified Service Monitor, and the Cisco Unified Operations Manager.

Two vulnerabilities exist in the CiscoWorks LAN Management Solution software that could allow an unauthenticated, remote attacker to execute arbitrary code on affected servers.

Also, two vulnerabilities exist in the Cisco Unified Service Monitor and Cisco Unified Operations Manager software that could allow an unauthenticated, remote attacker to execute arbitrary code on affected servers.

In both cases these vulnerabilities can be triggered by sending a series of crafted packets to the affected server over TCP port 9002. Cisco has released free software updates that address all of these vulnerabilities.

Affect products are:

  • CiscoWorks LAN Management Solution software releases 3.1, 3.2, and 4.0.
  • Cisco LAN Management Solution versions 3.1 and 3.2 (only if the Device Fault Management component is installed).
  • Cisco LAN Management Solution versions 4.0.
  • All versions of Cisco Unified Service Monitor and Cisco Unified Operations Manager prior to 8.6.

 

Share and Enjoy:
  • Print
  • Digg
  • StumbleUpon
  • del.icio.us
  • Facebook
  • Yahoo! Buzz
  • Twitter
  • Google Bookmarks