The Management Center for Cisco Security Agents is affected by a directory traversal vulnerability and a SQL injection vulnerability. Successful exploitation of the directory traversal vulnerability may allow an authenticated malicious user to view and download arbitrary files from the server hosting the Management Center. Successful exploitation of the SQL injection vulnerability may allow an authenticated malicious user to execute SQL statements that can cause instability of the product or changes in the configuration. Additionally, the Cisco Security Agent is affected by a denial of service (DoS) vulnerability. Successful exploitation of the Cisco Security Agent agent DoS vulnerability may cause the affected system to crash. Repeated exploitation could result in a sustained DoS condition. These vulnerabilities are independent of each other. Cisco has released software updates that address these vulnerabilities. This advisory is posted at tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20100217-csa.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
cisco security agent 6.0 |
Vulmon