- Detalji os-a: WN7
- Važnost: IMP
- Operativni sustavi: L
- Kategorije: CIS
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
Cisco Security Advisory: Cisco Secure Access Control System Java Deserialization Vulnerability
Advisory ID: cisco-sa-20180307-acs2
Revision: 1.0
For Public Release: 2018 March 7 16:00 GMT
Last Updated: 2018 March 7 16:00 GMT
CVE ID(s): CVE-2018-0147
CVSS Score v(3): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+———————————————————————
Summary
=======
A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device.
The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a crafted serialized Java object. An exploit could allow the attacker to execute arbitrary commands on the device with root privileges.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-acs2 [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-acs2”]
—–BEGIN PGP SIGNATURE—–
iQJ5BAEBAgBjBQJaoA/qXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfczRl8QAJC9YSTm9VYdIvSoC3RaGQ0JhIhQ
Sc4NvDu4N9a1OgwJ305uOOA1gAfEgydOU2fKktdb5E8kTiEf5x0zcupmnz2LaRVB
0YoWu2Kg9AtqNLifJLTjsn4oB7gTtRMG/6d3+J3Z6HKuwl6Dg/6nrtK6xM2CiKI+
6Rk+Eg/E+Vva3rfF18ObfjFof2O1iYgMZ8AFlMN5e1YAc9HvyTp8UlW8W0BQDBGT
PmdczYgET1vc4fY0iq1t0udLXEUT3SQqA0oge2W7509yDIWPgzqTD83ecNfIpE/0
yLyyCYd1c6oYqRK7cyE93kEK3LNSWJrZ/Jc1ozomPgvKE8pzOpRM55KbV0meh4Jz
ePMP6CWZ4UohwUWihc2k3eIUSfrhsxwI1BNh/WvIrW+lnCcvNlhSxlSWtYWYiTWJ
4y6p/1oVIQ8uUW0qntH7YgnrTTeyXYiWuQAWtSiukyoM3XkgUjH4aJHYXDsJ8y//
G4lwzyzjCE1KZBxcVmOw3IPCwzPQoUKdsbp89YUFMeTTvwEg/vXfJj3pO+cCxQR0
NZ9JiuZtVBSsofITHmcax4Yw4/eXvnVKFCiQEhURdp3NmtBvQgXXxsPKQxzx1ezj
qvtwJlnf9lOyGX6PGV/AviNY6AJlE9aQ4KqPS9RYk3RrSqoqWvxQ1cZMPhOBp475
2Q84tP5awiWpMPrX
=9JGN
—–END PGP SIGNATURE—–
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com
| Autor | Petar Bertok |
| Cert id | NCERT-REF-2018-03-0001-ADV |
| Cve | CERT-CVE-DUMMY |
| ID izvornika | CERT-ORIGID-DUMMY |
| Proizvod | CERT-DUMMY-PRODUCT |
| Izvor | Adobe |
