Cisco has released a patch that fixes a vulnerability in CiscoWorks Common Services that could allow an unauthenticated remote attacker to access application and host operating system files. The exploitability of this flaw is rated as high. Note that only CiscoWorks Common Services systems that run on Microsoft Windows are vulnerable. The Solaris version is not affected.
Specifically the following Cisco products that use CiscoWorks Common Services as their base are affected by this vulnerability.
* Cisco Unified Service Monitor versions 1.0, 1.1, 2.0, and 2.1
* CiscoWorks QoS Policy Manager versions 4.0 and 4.1
* CiscoWorks LAN Management Solution versions 2.5, 2.6, 3.0, and 3.1
* Cisco Security Manager versions 3.0, 3.1, and 3.2
* Cisco TelePresence Readiness Assessment Manager version 1.0
* CiscoWorks Voice Manager versions 3.0 and 3.1
* CiscoWorks Health and Utilization Monitor versions 1.0 and 1.1
* Cisco Unified Operations Manager versions 1.0, 1.1, 2.0, and 2.1
* Cisco Unified Provisioning Manager versions 1.0, 1.1, 1.2, and 1.3