Executive Summary
Summary | |
---|---|
Title | Cisco Secure Access Control System Java Deserialization Vulnerability |
Information | |||
---|---|---|---|
Name | cisco-sa-20180307-acs2 | First vendor Publication | 2018-03-07 |
Vendor | Cisco | Last vendor Modification | 2018-03-07 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a crafted serialized Java object. An exploit could allow the attacker to execute arbitrary commands on the device with root privileges. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-acs2 |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-502 | Deserialization of Untrusted Data |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
Snort® IPS/IDS
Date | Description |
---|---|
2020-12-05 | Cisco ACS unsafe Java object deserialization attempt RuleID : 45870 - Revision : 1 - Type : SERVER-WEBAPP |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2018-03-16 | Name : The remote host is missing a vendor-supplied security patch. File : cisco-sa-20180307-acs2.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2020-12-05 21:23:46 | |
2018-03-29 17:21:19 | |
2018-03-08 12:07:06 | |
2018-03-07 21:19:52 | |