Malicious local users could gain escalated privileges by exploiting a security hole in Cisco Systems Inc.'s Security Agent (CSA). But updates are available to fix the problem, the San Jose, Calif.-based networking giant said in an advisory
CSA software provides threat protection for server and desktop computing systems, Cisco said on its Web site. According to the advisory, "A vulnerability exists in CSA agents that can allow a privilege escalation through locally executed software, providing a normal user or attacker with local system level privileges on a Windows workstation or server running managed or standalone CSA 4.5.0 or 4.5.1 agents."
The vulnerability affects:
- Cisco CSA version 4.5.0 (all builds) managed and standalone agents.
- Cisco CSA version 4.5.1 (all builds) managed and standalone agents.
- Cisco CSA version 4.5.0 (build 573) for CallManager
- Cisco CSA version 4.5.1 (build 628) for CallManager
- Cisco CSA version 4.5.1 (build 616) for Intelligent Contact Management (ICM), IPCC Enterprise and IPCC Hosted.
- Cisco CSA version 4.5.0 (build 573) for Cisco Voice Portal (CVP) 3.0 and 3.1.
Cisco said it has made free software available to address this vulnerability. Update installation details are included in the advisory.
Because it can only be exploited locally, Danish vulnerability clearinghouse Secunia has rated the flaw "less critical."
About this time last year, Cisco patched a minor Security Agent flaw that could be exploited by attackers to circumvent the security provided by the host-based intrusion prevention product.
Additionally, earlier this year Cisco fixed a denial-of-service vulnerability in Security Agent that attackers could exploit by sending a crafted IP packet to a Windows workstation or server running Security Agent 4.5.