September 14, 2005
Products Affected
LMS 2.2
Problem Description
A vulnerability in the Java Runtime Environment may allow an untrusted applet to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. See CSCsb29106.
Background
There is a security vulnerability in the SUN's implementation of JRE which is present in the version of Java Plug-in shipped by Cisco Works Common Services. See the Sun Alert Notification 101749 for more information.
Though CiscoWorks neither exploits nor is impacted by this vulnerability, we need to upgrade the plugin version to 1.4.2_08 as mentioned in the Alert Notification.
Problem Symptoms
There are no reliable symptoms that would indicate the described issue has been exploited.
Workaround/Solution
The following patches are available:
DDTS
To follow the bug ID link below and see detailed bug information, you must be a registered user and you must be logged in.
|
DDTS |
Description |
|---|---|
|
CSCsb29106 (registered customers only) |
Need to upgrade JPI version to 1.4.2_08 due to security vulnerability |
For More Information
If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:
Receive Email Notification For New Field Notices
Product Alert Tool - Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.