Secunia Security Advisory 17815

Secunia Security Advisory 17815: Posted Nov 30, 2005; Authored by Secunia | Site secunia.com; Secunia Security Advisory - A vulnerability has been reported in Cisco Security Agent (CSA), which can be exploited by malicious, local users to gain escalated privileges.; tags | advisory, local; systems | cisco; SHA-256 | c2536e51a9360cdeef32074e50488879996b5d56e0f4531bed81b3cc141f72f9; Download | Favorite | View

Secunia Security Advisory 17815



TITLE:
Cisco Security Agent Local Privilege Escalation Vulnerability

SECUNIA ADVISORY ID:
SA17815

VERIFY ADVISORY:
http://secunia.com/advisories/17815/

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

SOFTWARE:
Cisco Security Agent (CSA) 4.x
http://secunia.com/product/4246/

DESCRIPTION:
A vulnerability has been reported in Cisco Security Agent (CSA),
which can be exploited by malicious, local users to gain escalated
privileges.

The vulnerability is caused due to an unspecified error in CSA on the
Windows platform. This can be exploited by malicious users to gain
SYSTEM privileges on a vulnerable system.

The vulnerability has been reported in the following versions:
* Cisco CSA version 4.5.0 (all builds) managed and standalone
agents.
* Cisco CSA version 4.5.1 (all builds) managed and standalone
agents.
* Cisco CSA version 4.5.0 (build 573) for CallManager.
* Cisco CSA version 4.5.1 (build 628) for CallManager.
* Cisco CSA version 4.5.1 (build 616) for Intelligent Contact
Management (ICM), IPCC Enterprise, and IPCC Hosted.
* Cisco CSA version 4.5.0 ( build 573) for Cisco Voice Portal (CVP)
3.0 and 3.1.

SOLUTION:
Update to version 4.5.1.639.

Management Center for Cisco Security Agents:
http://www.cisco.com/pcgi-bin/tablebuild.pl/csa

CSA for CallManager:
http://www.cisco.com/pcgi-bin/tablebuild.pl/cmva-3des 

CSA for ICM, IPCC Enterprise, and IPCC Hosted:
http://www.cisco.com/pcgi-bin/tablebuild.pl/csa10-crypto

CSA for CVP 3.0 and 3.1:
http://www.cisco.com/pcgi-bin/tablebuild.pl/csa-cvp-20

PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.

ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20051129-csa.shtml

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Top Authors In Last 30 Days

Red Hat 219 files
indoushka 83 files
Ubuntu 79 files
Gentoo 36 files
Jasper Nota 25 files
Willem Westerhof 19 files
Debian 18 files
Jim Blankendaal 11 files
Martijn Baalman 9 files
Apple 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,096)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,707)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,485)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,737)
UNIX (9,435)
UnixWare (187)
Windows (6,672)
Other

Secunia Security Advisory 17815

Secunia Security Advisory 17815

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Secunia Security Advisory 17815

Share This

Secunia Security Advisory 17815

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems