[SingCERT] Cisco Products Remote Code Execution Vulnerabilities

[ Summary ]

Cisco has released two security advisories to address two vulnerabilities affecting CiscoWorks LAN Management Solution, Cisco Unified Service Monitor and Cisco Unified Operations Manager software.

[ Affected Systems ]

• CiscoWorks LAN Management Solution versions 3.1, 3.2, and 4.0
• Cisco Unified Service Monitor and Cisco Unified Operations Manager prior to version 8.6

[ Impact Analysis ]

These vulnerabilities could allow an unauthenticated, remote attacker to execute arbitrary code on affected servers.

[ Solution/Workaround ]

Updates are available. Please refer to the advisories provided by Cisco.

[ Reference ]

• http://www.cisco.com/warp/public/707/cisco-sa-20110914-lms.shtml
• http://www.cisco.com/warp/public/707/cisco-sa-20110914-cusm.shtml