Cisco has a flaw that allows remote code execution on systems where its Unified Service Monitor (USM), Unified Operations Manager (UOM) and LAN Management Solution (LMS) software packages are in use.
The flaw allows an unauthenticated remote attacker to execute code on servers running the packages and suffers exposure when sending crafted packets to the server over port 9002.
Cisco is unaware of any exploitation of the vulnerability in the wild, officials said. Customers will find details of how to obtain fixed versions of the software in the advisories.
All versions of Unified Service Monitor and Unified Operations Manager prior to version 8.6 are vulnerable.
LAN Management Solution versions 3.1, 3.2 and 4.0 also suffer from the vulnerability, although 3.1 and 3.2 are only vulnerable when there is an installed Device Fault Management component. All installations of 4.0 are vulnerable.