Cisco is advising administrators to update systems following the discovery of a remote code execution vulnerability in Security Agent 6.0.
The flaw could allow an attacker to remotely target the Oracle Outside component for the Fusion Middleware platform to access the Cisco software on Windows systems.
Cisco said in a security advisory that successful exploitation would allow the attacker to execute code and control the targeted system with administrator rights.
Cisco has released a free patch and is advising customers to obtain the Cisco Security Agent 126.96.36.199 fix through their service provider or hardware retailer. No other mitigations for the vulnerability are known.
Proof-of-concept code for the flaw has been posted, but Cisco has not received any reports of the vulnerability being exploited in the wild. No other products or components are believed to be affected.
The fix follows recent patches from Microsoft and Oracle. The Microsoft monthly patch included fixes for Silverlight and Internet Explorer, while the Oracle update contained 56 patches addressing issues in Fusion Middleware, Linux and Sun software platforms.
Dr Kuan Hon criticises GDPR consent emails that will only eviscerate marketing databases and 'media misinformation'
Apple squashes Steam Link app on 'business conflicts' grounds
Philip Hammond wants to forget rules that the UK agreed with the EU to ban non-European companies from the satellites
Instapaper to 'go dark' in Europe until it can work out GDPR compliance