PT-2018-1126 · Cisco +1 · Cisco Secure Access Control System +1

Mikhail Klyuchnikov +2 · Published 2018-03-07 · Updated 2025-10-28 · CVE-2018-0147

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Cisco Secure Access Control System versions prior to 5.8 patch 9

Description

A vulnerability in Java deserialization used by the affected software could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The issue is due to insecure deserialization of user-supplied content. An attacker could exploit this by sending a crafted serialized Java object, potentially allowing the execution of arbitrary commands on the device with root privileges.

Recommendations

For versions prior to 5.8 patch 9, update to release 5.8 patch 9 or later to resolve the issue. As a temporary workaround, consider restricting access to the Java deserialization functionality to minimize the risk of exploitation.

Fix

Deserialization of Untrusted Data

RCE

Weakness Enumeration

Related Identifiers

BDU:2018-00552
CVE-2018-0147

Affected Products

Cisco Secure Access Control System
Java