A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to release 5.8 patch 9 could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a crafted serialized Java object. An exploit could allow the attacker to execute arbitrary commands on the device with root privileges. Cisco Bug IDs: CSCvh25988.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2018-03-08T07:00:00
Updated: 2024-08-05T03:14:16.912Z
Reserved: 2017-11-27T00:00:00
Link: CVE-2018-0147
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2018-03-08T07:29:00.377
Modified: 2020-09-04T17:57:06.397
Link: CVE-2018-0147
Redhat
No data.