Cisco is advising administrators to update systems following the discovery of a remote code execution vulnerability in Security Agent 6.0.
The flaw could allow an attacker to remotely target the Oracle Outside component for the Fusion Middleware platform to access the Cisco software on Windows systems.
Cisco said in a security advisory that successful exploitation would allow the attacker to execute code and control the targeted system with administrator rights.
Cisco has released a free patch and is advising customers to obtain the Cisco Security Agent 18.104.22.168 fix through their service provider or hardware retailer. No other mitigations for the vulnerability are known.
Proof-of-concept code for the flaw has been posted, but Cisco has not received any reports of the vulnerability being exploited in the wild. No other products or components are believed to be affected.
The fix follows recent patches from Microsoft and Oracle. The Microsoft monthly patch included fixes for Silverlight and Internet Explorer, while the Oracle update contained 56 patches addressing issues in Fusion Middleware, Linux and Sun software platforms.
PUBG news and updates: November's Update #23 to bring new Skorpion pistol and changes to blue zone visibility
Genuinely useful side-arm coming to PUBG in Update #23
Asda, Morrisons and Tesco in the frame for checkout facial recognition technology
Research opens up new possibilities for structural batteries, where the carbon fibre forms part of the energy system
Another shape could have indicated hard-to-detect particles