Cisco Security Manager RMI Insecure Deserialization

Strike ID:
E19-7os61
CVSS:
9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
False Positive:
t
Variants:
1
Year:
2019

Description

This strike exploits an insecure Java deserialization vulnerability in Cisco Security Manager. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary commands on the device with the privileges of the user running the CSM service.

CVE

References