Wednesday, March 7, 2018

Cisco ACS Unauthenticated Java Deserialization Vulnerability

The vulnerability could allow an unauthenticated remote user to execute commands with root privileges. It affects all versions prior to 5.8 update 9 (so, pretty much every version).

Link to advisory

Edit: 5.8 u7 and u8 at least require authentication to exploit it:

"ACS systems running release 5.8 Patch 7 or Patch 8, require authentication in order to exploit this vulnerability"


