Vulnerability in Cisco’s Security Agent

Friday, October 28, 2011 @ 01:10 PM gHale


Cisco is advising administrators to update systems following the discovery of a remote code execution vulnerability in Security Agent 6.0.

The flaw could allow an attacker to remotely target the Oracle Outside component for the Fusion Middleware platform to access the Cisco software on Windows systems.

RELATED STORIES
Firewall Among Patches from Cisco
Cisco Patch Day Closes Critical Holes
Cisco Patches IOS Holes
Cisco ISE Vulnerability

Cisco said in a security advisory that successful exploitation would allow an attacker to execute code and control the targeted system with administrator rights.

Cisco released a free patch and is advising customers to obtain the Cisco Security Agent 6.0.2.151 fix through their service provider or hardware retailer. There are no other mitigations for the vulnerability right now.

Proof-of-concept code for the flaw is available, but Cisco has not received any exploitation reports of the vulnerability. No other products or components suffer the same issue.



Leave a Reply

You must be logged in to post a comment.