Vulnerability Found In Cisco Security Agent
The buffer overflow error exists due to an input validation error in a system driver used by CSA for Windows. If a malicious request is processed, its data would trigger the overflow, which could potentially allow an unauthenticated, remote attacker to crash the affected system or execute code that would take complete control of it.
The problem is fixable, however. Cisco has released free updated software addressing the vulnerability.
A buffer overflow results from a programming error in which a system attempts to store data beyond the capacity of its prescribed buffer, thus overwriting adjacent memory locations. The overflow could lead to impeded memory access or a complete system shutdown.
Several versions of CSA, a personal firewall-type feature, contain the vulnerability, which affects both the managed and standalone implementations of the product, according to the Cisco alert. Systems running the Cisco Security Manager and Cisco IP Communications application servers both contain standalone implementations of CSA.
The Cisco report advised that users update their systems with appropriate software patches. The report also stated that because the error has the potential to affect a high number of systems, the vulnerability is a particularly attractive target for criminals and agencies planning to execute cyber attacks. Experts say that drive-by installs of spyware are likely and advise users to apply a patch as soon as possible.