Cisco Releases Security Advisory for CiscoWorks TFTP Vulnerability

Cisco has released a security advisory to address a vulnerability in CiscoWorks TFTP. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to view or modify application and host operating system files, possibly resulting in arbitrary code execution or a denial-of-service condition. The security advisory indicates that the following Cisco products are affected by this…

Read more at: US-CERT Current Activity

Cisco has released a security advisory to address a vulnerability in CiscoWorks TFTP. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to view or modify application and host operating system files, possibly resulting in arbitrary code execution or a denial-of-service condition. The security advisory indicates that the following Cisco products are affected by this vulnerability:

• Cisco Unified Service Monitor versions 1.0, 1.1, 2.0, and 2.1
• CiscoWorks QoS Policy Manager versions 4.0 and 4.1
• CiscoWorks LAN Management Solution versions 2.5, 2.6, and 3.0
• Cisco Security Manager versions 3.0, 3.1, and 3.2
• Cisco TelePresence Readiness Assessment Manager version 1.0
• CiscoWorks Voice Manager versions 3.0 and 3.1
• CiscoWorks Heath and Utilization Monitor versions 1.0 and 1.1
• Cisco Unified Operations Manager versions 1.0, 1.1, 2.0 and 2.1
• Cisco Unified Provisioning Manager versions 1.0, 1.1, 1.2 and 1.3

US-CERT encourages users and administrators to review Cisco Security Advisory cisco-sa-20090520-cw and apply any necessary updates to help mitigate the risks.

Read more at: US-CERT Current Activity