Cisco has released a security advisory to address a vulnerability in CiscoWorks TFTP. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to view or modify application and host operating system files, possibly resulting in arbitrary code execution or a denial-of-service condition. The security advisory indicates that the following Cisco products are affected by this…
Read more at: US-CERT Current Activity
Cisco has released a security advisory to address a vulnerability in CiscoWorks TFTP. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to view or modify application and host operating system files, possibly resulting in arbitrary code execution or a denial-of-service condition. The security advisory indicates that the following Cisco products are affected by this vulnerability:
- Cisco Unified Service Monitor versions 1.0, 1.1, 2.0, and 2.1
- CiscoWorks QoS Policy Manager versions 4.0 and 4.1
- CiscoWorks LAN Management Solution versions 2.5, 2.6, and 3.0
- Cisco Security Manager versions 3.0, 3.1, and 3.2
- Cisco TelePresence Readiness Assessment Manager version 1.0
- CiscoWorks Voice Manager versions 3.0 and 3.1
- CiscoWorks Heath and Utilization Monitor versions 1.0 and 1.1
- Cisco Unified Operations Manager versions 1.0, 1.1, 2.0 and 2.1
- Cisco Unified Provisioning Manager versions 1.0, 1.1, 1.2 and 1.3
US-CERT encourages users and administrators to review Cisco Security Advisory cisco-sa-20090520-cw and apply any necessary updates to help mitigate the risks.
Read more at: US-CERT Current Activity