Cisco is advising administrators to update systems following the discovery of a remote code execution vulnerability in Security Agent 6.0.
The flaw could allow an attacker to remotely target the Oracle Outside component for the Fusion Middleware platform to access the Cisco software on Windows systems.
Cisco said in a security advisory that successful exploitation would allow the attacker to execute code and control the targeted system with administrator rights.
Cisco has released a free patch and is advising customers to obtain the Cisco Security Agent 188.8.131.52 fix through their service provider or hardware retailer. No other mitigations for the vulnerability are known.
Proof-of-concept code for the flaw has been posted, but Cisco has not received any reports of the vulnerability being exploited in the wild. No other products or components are believed to be affected.
The fix follows recent patches from Microsoft and Oracle. The Microsoft monthly patch included fixes for Silverlight and Internet Explorer, while the Oracle update contained 56 patches addressing issues in Fusion Middleware, Linux and Sun software platforms.
Using photocatalysts to convert carbon dioxide into usable energy such as methane or ethane
Trained on curated data from Moorfields Eye Hospital, the neural network also shows clinicians how it reached its judgement
Yokohama National University demonstrate technology that could lead to a fault-tolerant universal quantum computer
Top-of-the-range Threadripper 2990WX now available from Scan, Ebuyer, Overclockers, Novatech and Amazon