CVE-2018-15381

Name of the Vulnerable Software and Affected Versions Cisco Unity Express (affected versions not specified)

Description The issue is related to a Java deserialization vulnerability. It occurs when the software insecurely deserializes user-supplied content, specifically Java objects, through the Java Remote Method Invocation (RMI) service. This could allow a remote attacker to execute arbitrary shell commands with the privileges of the root user. The attacker could exploit this by sending a malicious serialized Java object to the RMI service.

Recommendations For Cisco Unity Express, consider disabling the Java RMI service until a patch is available to prevent exploitation. Restrict access to the Java deserialization functionality to minimize the risk of arbitrary command execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.