Lucene search
PRIOn knowledge basePRION:CVE-2018-0147HistoryMar 08, 2018 - 7:29 a.m.
Deserialization of untrusted data
2018-03-0807:29:00
PRIOn knowledge base
www.prio-n.com
1
A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to release 5.8 patch 9 could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a crafted serialized Java object. An exploit could allow the attacker to execute arbitrary commands on the device with root privileges. Cisco Bug IDs: CSCvh25988.
| CPE | Name | Operator | Version |
|---|---|---|---|
| secure_access_control_system | eq | 5.20.3 |
Related
cve
cve
CVE-2018-0147
2018-03-08 07:29:00
cisa_kev
cisa_kev
Cisco Secure Access Control System Java Deserialization Vulnerability
2022-03-25 00:00:00
cvelist
cvelist
CVE-2018-0147
2018-03-08 07:00:00
ptsecurity
ptsecurity
PT-2018-28: Arbitrary Command Execution in Cisco Secure ACS
2017-01-06 00:00:00
attackerkb
attackerkb
CVE-2018-0147
2018-03-08 00:00:00
nvd
nvd
CVE-2018-0147
2018-03-08 07:29:00
cisco
cisco
Cisco Secure Access Control System Java Deserialization Vulnerability
2018-03-07 16:00:00
nessus
nessus
thn
thn
Hard-Coded Password in Cisco Software Lets Attackers Take Over Linux Servers
2018-03-08 17:37:00
DirtyMoe Botnet Gains New Exploits in Wormable Module to Spread Rapidly
2022-03-17 12:59:00
