CRITICAL✓ PATCH🇬🇧 English

CVE-2019-12630

CVSS 9.8v3.1pub. 2019-10-02upd. 2024-11-21

A vulnerability in the Java deserialization function used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary commands on the device with the privileges of casuser.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Cisco Security Manager

    APP
    Cisco
    < 4.18
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
Deserialization
CWE
Referencje

Powiązane podatności

CVE-2020-27130CRITICAL9.1ten sam produkt

A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to se...

CVE-2020-27125HIGH7.4ten sam produkt

A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive ...

CVE-2020-27131HIGH8.1ten sam produkt

Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could all...

CVE-2010-3036HIGH10.0ten sam produkt

Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Com...

CVE-2009-1161HIGH10.0ten sam produkt

Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through...