Cisco ACE Application Control Engine Device Manager and Application Networking Manager Vulnerabilities

Multiple vulnerabilities exist in the Cisco Application Networking Manager (ANM) and Cisco Application Control Engine (ACE) Device Manager applications. These vulnerabilities are independent of each other. Successful exploitation of these vulnerabilities may result in unauthorized system or host operating system access. This security advisory identifies the following vulnerabilities: ACE Device Manager and ANM invalid directory permissions vulnerability ANM default user credentials vulnerability ANM MySQL default credentials vulnerability ANM Java agent privilege escalation Cisco has released software updates that address these vulnerabilities. A workaround that mitigates one of the issues is available. This advisory is posted at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20090225-anm . Note: This advisory is being released simultaneously with a multiple vulnerabilities advisory impacting the ACE appliance and module software, which is posted at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20090225-ace .