Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco Secure Access Control System Java Deserialization Vulnerability

cisco-sa-20180307-acs2 · Critical · Published · Updated

A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a crafted serialized Java object. An exploit could allow the attacker to execute arbitrary commands on the device with root privileges. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-acs2

Cisco advisory · CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2018-0147
Cisco Bug IDsCSCvh25988
CVSS ScoreBase 9.8
Base 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X
Product Names From Source
Cisco Secure Access Control System (ACS)

Related Products

Product CVE Evidence
Cisco Secure Access Control System (ACS) CVE-2018-0147 Cisco OpenVuln