Lucene search
CiscoCVELIST:CVE-2018-0147HistoryMar 08, 2018 - 7:00 a.m.
CVE-2018-0147
2018-03-0807:00:00
CWE-20
cisco
www.cve.org
8
A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to release 5.8 patch 9 could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a crafted serialized Java object. An exploit could allow the attacker to execute arbitrary commands on the device with root privileges. Cisco Bug IDs: CSCvh25988.
CNA Affected
[
{
"product": "Cisco Secure Access Control System",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cisco Secure Access Control System"
}
]
}
]Related
ptsecurity
ptsecurity
PT-2018-28: Arbitrary Command Execution in Cisco Secure ACS
2017-01-06 00:00:00
nvd
nvd
CVE-2018-0147
2018-03-08 07:29:00
attackerkb
attackerkb
CVE-2018-0147
2018-03-08 00:00:00
prion
prion
Deserialization of untrusted data
2018-03-08 07:29:00
cisco
cisco
Cisco Secure Access Control System Java Deserialization Vulnerability
2018-03-07 16:00:00
cisa_kev
cisa_kev
Cisco Secure Access Control System Java Deserialization Vulnerability
2022-03-25 00:00:00
cve
cve
CVE-2018-0147
2018-03-08 07:29:00
thn
thn
Hard-Coded Password in Cisco Software Lets Attackers Take Over Linux Servers
2018-03-08 17:37:00
DirtyMoe Botnet Gains New Exploits in Wormable Module to Spread Rapidly
2022-03-17 12:59:00
myhack58
myhack58
nessus
nessus