From the advisory, specific CSA versions and components are vulnerable to SQL injection and directory traversal (allowing unauthorized config changes for instance), as well as a DOS (Denial of Service) condition.

Cisco Security Agent releases 5.1, 5.2 and 6.0 are affected by the SQL injection vulnerability. Only Cisco Security Agent release 6.0 is affected by the directory traversal vulnerability. Only Cisco Security Agent release 5.2 is affected by the DoS vulnerability.

Note: Only the Management Center for Cisco Security Agents is affected by the directory traversal and SQL injection vulnerabilities. The agents installed on user end-points are not affected. Only Cisco Security Agent release 5.2 for Windows and Linux, either managed or standalone, are affected by the DoS vulnerability.

The full advisory, including a matrix of vulnerable and fixed versions, can be found here ==> http://www.cisco.com/warp/public/707/cisco-sa-20100217-csa.shtml

===============
Rob VandenBrink
Metafore
===============
Rob VandenBrink 578 Posts ISC Handler Feb 17th 2010
Revision 1.2 from Cisco
Last Updated 2010 February 19 1000 UTC (GMT)

The Sun Solaris version of the Cisco Security Agent is not affected by these vulnerabilities. Only Cisco Security Agent release 5.2 for Linux, either managed or standalone, are affected by the DoS vulnerability.
Anonymous
Feb 22nd 2010