CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2019-12630

CVSS 9.8v3.1pub. 2019-10-02upd. 2024-11-21

A vulnerability in the Java deserialization function used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary commands on the device with the privileges of casuser.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Cisco Security Manager

    APP
    Cisco
    < 4.18
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Deserialization
CWE
References

Related vulnerabilities

CVE-2020-27130CRITICAL9.1ten sam produkt

A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to se...

CVE-2020-27125HIGH7.4ten sam produkt

A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive ...

CVE-2020-27131HIGH8.1ten sam produkt

Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could all...

CVE-2010-3036HIGH10.0ten sam produkt

Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Com...

CVE-2009-1161HIGH10.0ten sam produkt

Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through...