CVE-2019-12630

Name of the Vulnerable Software and Affected Versions Cisco Security Manager (affected versions not specified)

Description A vulnerability in the Java deserialization function could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The issue is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this by sending a malicious serialized Java object to a specific listener on an affected system, potentially allowing the execution of arbitrary commands with the privileges of casuser.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.