» 22 May 2009
Bug for Cisco's TFTP Server Patched
It was reported a few days ago that a bug in the CiscoWorks TFTP Server allows hackers to gain access to system files. Cisco has since published a patch and update for this vulnerability.

CiscoWorks Common Services is a common set of administration services shared by other CiscoWorks programs. CiscoWorks is a family of products that meet and exceed Internet standards for supervising networks and devices. Many CiscoWorks products rely on Common Services for their successful operation.

Cisco recently confirmed the above reports, which claim that a directory traversal vulnerability in the CiscoWorks TFTP Server permits remote hackers to gain unauthenticated access to arbitrary system files. Hackers could also exploit the vulnerability to invade a system and steal its data. However, Cisco has not confirmed whether a hacker could upload files to a susceptible system.

According to Cisco's report, the problem is only present in CiscoWorks Common Services systems that run on the Windows platform. That said, the TFTP service is enabled automatically. Cisco has assigned the bug a Common Vulnerability Scoring System (CVSS) base score of ten.

Products affected by this vulnerability include those that use the CiscoWorks Common Services 3.0.x, 3.1.x, and 3.2.x. The complete list of affected applications is included in the official Cisco advisory.

Products unaffected by this security hole include those that don't have TFTP services enabled and those that don't use CiscoWorks Common Services 3.0.x, 3.1.x, or 3.2.x. The Solaris version of the application is also unaffected by this bug. As of this writing, no other Cisco products are known to be susceptible to this vulnerability.

Soon after its advisory was published, Cisco provided an update for CiscoWorks that patches the hole. As the report notes, administrators can disable TFTP services in the meantime until the update is applied. A more comprehensive guide to dealing with the bug can be found in Cisco's original report.

The CiscoWorks Common Services Software Patch can be downloaded at Cisco's official website. Customers should be certain that their current software and hardware configurations will continue to be properly supported by the new release and make sure that the devices to be upgraded contain sufficient memory for the update.

If any information contained within this news article is unclear, feel free to contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for added support.
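
The directory traversal class described above comes down to a TFTP server resolving a requested filename to a location outside its root directory. As an added example (not Cisco's code and not taken from the advisory), the Python below parses a TFTP read/write request per RFC 1350 and confines the filename to a root directory using Windows path rules; the root `C:\tftpboot`, the function names and the sample requests are assumptions constructed for illustration.

```python
import ntpath
import struct

TFTP_ROOT = r"C:\tftpboot"   # assumed root directory, not from the article
OP_RRQ, OP_WRQ = 1, 2        # RFC 1350 read / write request opcodes


def parse_request(packet: bytes):
    """Parse RRQ/WRQ: 2-byte opcode, then filename and mode, each NUL-terminated."""
    if len(packet) < 4:
        raise ValueError("packet too short")
    (opcode,) = struct.unpack("!H", packet[:2])
    if opcode not in (OP_RRQ, OP_WRQ):
        raise ValueError("not a read/write request")
    fields = packet[2:].split(b"\x00")
    if len(fields) < 3 or not fields[0] or not fields[1]:
        raise ValueError("malformed request")
    return opcode, fields[0].decode("ascii"), fields[1].decode("ascii").lower()


def resolve_in_root(filename: str, root: str = TFTP_ROOT) -> str:
    """Return the normalized Windows path for filename, or raise if it leaves root."""
    # A colon covers drive letters and alternate data streams; a leading
    # separator covers rooted and UNC paths. None belong in a TFTP filename.
    if ":" in filename or filename.startswith(("\\", "/")):
        raise PermissionError("absolute or device path requested")
    # normpath collapses "." and ".." and treats "/" and "\" alike.
    root_norm = ntpath.normpath(root)
    candidate = ntpath.normpath(ntpath.join(root_norm, filename))
    # Compare whole path components, case-insensitively, so that
    # C:\tftpboot2 does not pass as a child of C:\tftpboot.
    if ntpath.commonpath([root_norm, candidate]).lower() != root_norm.lower():
        raise PermissionError("path escapes TFTP root")
    return candidate


def check_packet(packet: bytes) -> str:
    """Classify one request as 'allow <path>' or 'deny <reason>'."""
    try:
        _, filename, _ = parse_request(packet)
        return "allow " + resolve_in_root(filename)
    except (ValueError, PermissionError) as exc:
        return "deny " + str(exc)


def rrq(name: str) -> bytes:
    """Build a constructed sample read request in octet mode."""
    return struct.pack("!H", OP_RRQ) + name.encode("ascii") + b"\x00octet\x00"


if __name__ == "__main__":
    for name in ("configs/r1.cfg", "..\\..\\outside.txt", "C:\\outside.txt"):
        print(repr(name), "->", check_packet(rrq(name)))
```

The same check can be run over captured TFTP requests to flag filenames that would resolve outside the served directory.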
