During a security test, the NSFOCUS Research Department discovered a remote buffer overflow vulnerability in the Cisco Security Agent for Windows. An attacker could exploit this vulnerability to execute arbitrary code by sending a malicious request.
Due to the high severity, NSFOCUS informed Cisco at once. Cisco's latest security bulletin alerts users to this vulnerability, states that it may lead to intrusion into Windows systems on which the software is installed, and recommends that users upgrade the Cisco Security Agent to the latest version to avoid the security risk. Cisco thanks NSFOCUS for its technical help.
As a security protection product, Cisco Security Agent is widely used. However, the risk posed by this vulnerability is huge: sending specially structured malicious network data to a Windows system with the software installed may lead to a system crash or full control of the system. Cisco therefore assigned a CVSS Base Score of 10, which is the highest risk score.
NSFOCUS has been dedicated to basic security research since its establishment. It has discovered over 30 security vulnerabilities recognized by international vendors and authoritative third-party organizations, which is the highest number of discovered vulnerabilities among national security vendors. The vulnerability research of NSFOCUS has become its competence in developing network security products. Therefore, NSFOCUS security products exclusively have a comprehensive vulnerability scanning ability, which is more applicable in the special environment of China. Powered by its long-term research achievements and security product development capability, NSFOCUS provides high-end security products and comprehensive security solutions for customers in the government, telecom, finance, and power supply industries, and helps them construct safe and reliable green network environments.