-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco Security Manager Vulnerability
Advisory ID: cisco-sa-20090121-csm
http://www.cisco.com/warp/public/707/cisco-sa-20090121-csm.shtml
Revision 1.0
+------------------
All versions of Cisco Security Agent for Windows, either managed
or standalone, are affected. Agents that are running on Cisco IP
Communications application servers or agents on systems that are running
the Cisco Security Manager are examples of a standalone implementation.
Standalone agents are installed in the following Cisco IP Communications
products:
* Cisco Unified Communications Manager (CallManager)
Note: CiscoWorks LAN Management Solution versions prior to 3.2
reached end of software maintenance. Customers should contact
their Cisco support team for assistance in upgrading to a
supported version of CiscoWorks LAN Management Solution.
* Cisco Security Manager
+---------------------------------------------------------------+
| Security Manager Versions | Common Services |
| | Versions |
|-----------------------------------------+---------------------|
| Solution | 2007 Update) | |
|-------------------------------+------------------+----------------|
| CiscoWorks LAN Management | 3.2 | 3.3.0 |
| Solution | | |
|-------------------------------+------------------+----------------|
| Cisco Security Manager | 3.0.2 | 3.0.5 |
|-------------------------------+------------------+----------------|
| Cisco Security Manager | 3.1 and 3.1.1 | 3.0.5 |
|-------------------------------+------------------+----------------|
| Cisco Security Manager | 3.2 | 3.1 |
|-------------------------------+------------------+----------------|
* Cisco Unity
* Cisco Unity Connection
* Cisco Unity Bridge
* Cisco Secure ACS Solution Engine
* Cisco Internet Service Node (ISN)
* Cisco Security Manager (CSM)
Note: The Sun Solaris version of the Cisco Security Agent is not
affected by these vulnerabilities.
Products Confirmed Not Vulnerable
|----------------------------------------------------------------+---------------------------|
| Cisco Quad Collaboration | CSCts36158 |
|----------------------------------------------------------------+---------------------------|
| Cisco Secure Access Control System | CSCts33196 |
|----------------------------------------------------------------+---------------------------|
| Cisco Security Manager | CSCts33056 |
|----------------------------------------------------------------+---------------------------|
| Cisco Service Exchange Framework | CSCts33218 |
|----------------------------------------------------------------+---------------------------|
| Cisco Signaling Gateway Manager | CSCts33248 |
|----------------------------------------------------------------+---------------------------|
their base are affected by this vulnerability.
* Cisco Unified Service Monitor versions 1.0, 1.1, 2.0, and 2.1
* CiscoWorks QoS Policy Manager versions 4.0 and 4.1
* CiscoWorks LAN Management Solution versions 2.5, 2.6, and 3.0
* Cisco Security Manager versions 3.0, 3.1, and 3.2
* Cisco TelePresence Readiness Assessment Manager version 1.0
* CiscoWorks Voice Manager versions 3.0 and 3.1
* CiscoWorks Health and Utilization Monitor versions 1.0 and 1.1
* Cisco Unified Operations Manager versions 1.0, 1.1, 2.0, and 2.1
* Cisco Unified Provisioning Manager versions 1.0, 1.1, 1.2, and
