CiscoがCisco Secure Access Control Serverにユーザがパスワードを変えられるアプリケーションがあるのですが、その脆弱性対応としてセキュリティアドバイザリを出しています。

リモートから任意のコードが実行可能とのこと。

Cisco has released Security Advisory cisco-sa-20080312-ucp to address multiple vulnerabilities in the Cisco Secure Access Control Server for Windows User-Changeable Password (UCP) application. These vulnerabilities are due to buffer overflow conditions and improper sanitization of input passed to CSuserCGI.exe. Exploitation of these vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code.

US-CERT encourages users to review Cisco Security Advisory cisco-sa-20080312-ucp and apply any necessary updates.