Cisco releases patch for critical flaw in CiscoWorks

Cisco has released a patch that fixes a vulnerability in CiscoWorks Common Services that could allow an unauthenticated remote attacker to access application and host operating system files. The exploitability of this flaw is rated as high. Note that only CiscoWorks Common Services systems that run on Microsoft Windows are vulnerable. The Solaris version is not affected.

Specifically the following Cisco products that use CiscoWorks Common Services as their base are affected by this vulnerability.

  • Cisco Unified Service Monitor versions 1.0, 1.1, 2.0, and 2.1

  • CiscoWorks QoS Policy Manager versions 4.0 and 4.1

  • CiscoWorks LAN Management Solution versions 2.5, 2.6, 3.0, and 3.1

  • Cisco Security Manager versions 3.0, 3.1, and 3.2

  • Cisco TelePresence Readiness Assessment Manager version 1.0

  • CiscoWorks Voice Manager versions 3.0 and 3.1

  • CiscoWorks Health and Utilization Monitor versions 1.0 and 1.1

  • Cisco Unified Operations Manager versions 1.0, 1.1, 2.0, and 2.1

  • Cisco Unified Provisioning Manager versions 1.0, 1.1, 1.2, and 1.3

More from Cisco Subnet:

Winners of the Best of Interop awardsCisco's largesse an opening for Nortel Grid will be Internet x 1000, Cisco saysBeware Cisco of how the mighty fallOld School Hacks: War Dialing with WarVoxCisco Defends the CCNP Wireless AnnouncementCCNP Lab – for $750 plus cablesCCNA Security Official Exam Certification Guide

Win one of 15 copies of

Go to Cisco Subnet for more Cisco news, blogs, videos, security alerts, giveaways. Like e-mail? Subscribe to the Cisco Alert newsletter. Like RSS readers? Subscribe to the Cisco Subnet RSS feed

Follow Cisco Subnet on Twitter.
Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2009 IDG Communications, Inc.

IT Salary Survey: The results are in