CiscoWorks CD One

Field Notice: FN - 62199 - A Vulnerability in the Java Runtime Environment may Allow an Untrusted Applet to Elevate its Privileges


September 14, 2005


Products Affected

LMS 2.2

Problem Description

A vulnerability in the Java Runtime Environment may allow an untrusted applet to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. See CSCsb29106.

Background

There is a security vulnerability in Sun's implementation of the JRE, which is present in the version of the Java Plug-in shipped with CiscoWorks Common Services. See the Sun Alert Notification 101749 for more information.

Although CiscoWorks neither exploits nor is impacted by this vulnerability, we need to upgrade the plug-in version to 1.4.2_08, as mentioned in the Alert Notification.

Problem Symptoms

There are no reliable symptoms that would indicate the described issue has been exploited.

Workaround/Solution

The following patches are available:

Patch for CS 2.2 Solaris

Patch for CS 2.2 Windows

Readme File

DDTS

To follow the bug ID link below and see detailed bug information, you must be a registered user and you must be logged in.

DDTS: CSCsb29106 (registered customers only)

Description: Need to upgrade JPI version to 1.4.2_08 due to security vulnerability

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:
