Cisco Unity Express Arbitrary Command Execution Vulnerability

cisco-sa-20181107-cue · Critical · Published · Updated

A Java deserialization vulnerability in Cisco Unity Express (CUE) could allow an unauthenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to the listening Java Remote Method Invocation (RMI) service. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-cue

Workarounds

Access Control List
This vulnerability can be exploited over TCP port 1099. The CUE does not need this port to be open externally, so the port may be blocked to protect against remote exploitation of this vulnerability. An administrator can configure an access control list (ACL) that blocks all traffic with a destination port of TCP/1099 from reaching the CUE, as shown in the following example:

! Apply the mitigation ACL in both directions on the interface facing the CUE module
interface SM2/0
 ip unnumbered GigabitEthernet0/0
 ip access-group CSCvm02856_Mitigation in
 ip access-group CSCvm02856_Mitigation out
 service-module ip address 192.168.0.2 255.255.255.0
 !Application: CUE Running on SM
 service-module ip default-gateway 192.168.0.1
!
! Deny TCP/1099 to and from the CUE address, then permit all other traffic
ip access-list extended CSCvm02856_Mitigation
 deny tcp any host 192.168.0.2 eq 1099
 deny tcp host 192.168.0.2 eq 1099 any
 permit ip any any
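To confirm the mitigation above is actually in place on a router, the following added example (not part of the Cisco advisory) audits a saved running-config for it. The function names and the sample config are constructed for illustration, and the check assumes the outbound access-group on the service-module interface is the one that filters traffic toward the CUE.

```python
import re

# Constructed sample running-config, modelled on the advisory's mitigation example.
SAMPLE = """\
interface SM2/0
 ip access-group CSCvm02856_Mitigation in
 ip access-group CSCvm02856_Mitigation out
 service-module ip address 192.168.0.2 255.255.255.0
!
ip access-list extended CSCvm02856_Mitigation
 deny tcp any host 192.168.0.2 eq 1099
 deny tcp host 192.168.0.2 eq 1099 any
 permit ip any any
"""

def parse_sections(config):
    """Map each top-level config line to its indented child lines, skipping '!' lines."""
    sections, current = {}, None
    for raw in config.splitlines():
        line = " ".join(raw.split())  # normalise whitespace
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():
            current = sections.setdefault(line, [])
        elif current is not None:
            current.append(line)
    return sections

def audit(config, port=1099):
    """Return findings for CUE interfaces whose outbound ACL does not deny TCP/<port>.
    Simplification: any permit entry ahead of the deny is reported, matching or not."""
    sections, findings = parse_sections(config), []
    for header, body in sections.items():
        addr = re.search(r"^service-module ip address (\S+)", "\n".join(body), re.M)
        if not header.startswith("interface ") or not addr:
            continue
        want = f"deny tcp any host {addr.group(1)} eq {port}"
        # Assumption: traffic toward the module leaves the router on this interface.
        out = [l.split()[2] for l in body if re.fullmatch(r"ip access-group \S+ out", l)]
        if not out:
            findings.append(f"{header}: no outbound access-group")
            continue
        entries = sections.get(f"ip access-list extended {out[0]}")
        if entries is None:
            findings.append(f"{header}: ACL {out[0]} is not defined")
        elif want not in entries:
            findings.append(f"{header}: ACL {out[0]} lacks '{want}'")
        elif any(e.startswith("permit") for e in entries[:entries.index(want)]):
            findings.append(f"{header}: a permit precedes '{want}' in {out[0]}")
    return findings
```

An empty list from audit() means every interface carrying a service-module address has the deny entry ahead of any permit in its outbound ACL.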

CVEs: CVE-2018-15381
Cisco Bug IDs: CSCvm02856
CVSS Score: Base 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X)
Product Names From Source: Cisco Unity Express

Related Products

Product | CVE | Evidence
Cisco RV Series Routers | CVE-2018-15381 | Cisco OpenVuln
Cisco Nexus Dashboard | CVE-2018-15381 | Cisco OpenVuln
8110 Series Broadband Network Termination Units | CVE-2018-15381 | Cisco OpenVuln
Cisco Unity Express | CVE-2018-15381 | Cisco OpenVuln
Cisco Unity | CVE-2018-15381 | Cisco OpenVuln