[原文]The installation of Cisco Transport Controller (CTC) for Cisco Optical Networking System (ONS) 15000 series nodes adds a Java policy file entry with a wildcard that grants the java.security.AllPermission permission to any http URL containing "fs/LAUNCHER.jar", which allows remote attackers to execute arbitrary code on a CTC workstation, aka bug ID CSCea25049.
Cisco ONS 15000 Series CTC Launcher java.policy Permission Weakness Arbitrary Code Execution
Remote / Network Access
Loss of Integrity
Cisco CTC contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered because the Java Applet installed by CTC on a client workstation installs with a 'grant all' permission set for 'http://*/fs/LAUNCHER.jar'. This allows malicious applets from websites to execute arbitrary Java code with all permissions if they are installed in a location that fits that pattern. This flaw may lead to a loss of integrity.
Upgrade to version 4.1.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.