Cisco is advising administrators to update systems following the discovery of a remote code execution vulnerability in Security Agent 6.0.
The flaw could allow an attacker to remotely target the Oracle Outside component for the Fusion Middleware platform to access the Cisco software on Windows systems.
Cisco said in a security advisory that successful exploitation would allow the attacker to execute code and control the targeted system with administrator rights.
Cisco has released a free patch and is advising customers to obtain the Cisco Security Agent 22.214.171.124 fix through their service provider or hardware retailer. No other mitigations for the vulnerability are known.
Proof-of-concept code for the flaw has been posted, but Cisco has not received any reports of the vulnerability being exploited in the wild. No other products or components are believed to be affected.
The fix follows recent patches from Microsoft and Oracle. The Microsoft monthly patch included fixes for Silverlight and Internet Explorer, while the Oracle update contained 56 patches addressing issues in Fusion Middleware, Linux and Sun software platforms.
Japanese researchers develop a flexible screen worn on the skin that they claim can monitor patients' heart rate and other vitals
ZenFone 5 Pro appears to boast a Snapdragon 845 SOC, an Adreno 630 GPU and 6GB of RAM
Pilot project will serve 300 homes to start with
The IoT faces significant compatibility challenges, which could be avoided for blockchain by adopting Hyperledger