Guest

CiscoWorks Common Services Software

Field Notice: FN - 62325 - Common Services 2.2 and 3.0 - Java Plug-in Security Vulnerability - Upgrade/Patch Required


Revised February 9, 2006

February 7, 2006

NOTICE:

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.


Products Affected

Products Affected

CiscoWorks Common Services - 2.2

CiscoWorks Common Services - 3.0

Problem Description

CiscoWorks Common Services 2.2 and 3.0 ship with Java Plug-in and security vulnerabilities exist in the current version of Java Plug-in. CiscoWorks neither exploits nor is impacted by these vulnerabilities, however the Java Plug-in may allow an untrusted applet to elevate its Privileges.

See the Sun Alert Notification numbered 102003 for more information on the vulnerabilities.

Problem Symptoms

There are no reliable symptoms that would indicate the described issue has been exploited.

Workaround/Solution

Patches for CiscoWorks Common Services 2.2 and 3.0 have been posted on the CiscoWorks Server CD-One Patches (registered customers only) site.

Download the appropriate patch as listed below based on your version of Common Services and your Operating System:

Common Services 3.0:

Solaris: cwcs3.0-sol-CSCsc756621.tar

Windows: cwcs3.0-win-CSCsc756621.tar

Common Services 2.2:

Solaris: cmf2.2.2-sol-CSCsc756391.tar

Windows: cmf2.2.2-win-CSCsc756391.tar

Revision History

Revision

Date

Comment

1.1

09-FEB-2006

Edited Problem Description and Workaround Sections

1.0

07-FEB-2006

Initial Public Release

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

Product Alert Tool - Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.