News Stay informed about the latest enterprise technology news and product updates.

Cisco patches Security Agent flaw

The networking giant warned in an advisory Tuesday that local users could exploit a hole in its threat protection software.

Malicious local users could gain escalated privileges by exploiting a security hole in Cisco Systems Inc.'s Security...

Agent (CSA). But updates are available to fix the problem, the San Jose, Calif.-based networking giant said in an advisory Tuesday.

CSA software provides threat protection for server and desktop computing systems, Cisco said on its Web site. According to the advisory, "A vulnerability exists in CSA agents that can allow a privilege escalation through locally executed software, providing a normal user or attacker with local system level privileges on a Windows workstation or server running managed or standalone CSA 4.5.0 or 4.5.1 agents."

The vulnerability affects:

  • Cisco CSA version 4.5.0 (all builds) managed and standalone agents.
  • Cisco CSA version 4.5.1 (all builds) managed and standalone agents.
  • Cisco CSA version 4.5.0 (build 573) for CallManager
  • Cisco CSA version 4.5.1 (build 628) for CallManager
  • Cisco CSA version 4.5.1 (build 616) for Intelligent Contact Management (ICM), IPCC Enterprise and IPCC Hosted.
  • Cisco CSA version 4.5.0 (build 573) for Cisco Voice Portal (CVP) 3.0 and 3.1.

Cisco said it has made free software available to address this vulnerability. Update installation details are included in the advisory.

Because it can only be exploited locally, Danish vulnerability clearinghouse Secunia has rated the flaw "less critical."

About this time last year, Cisco patched a minor Security Agent flaw that could be exploited by attackers to circumvent the security provided by the host-based intrusion prevention product.

Additionally, earlier this year Cisco fixed a denial-of-service vulnerability in Security Agent that attackers could exploit by sending a crafted IP packet to a Windows workstation or server running Security Agent 4.5.

Dig Deeper on Endpoint protection and client security

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.