CVE-2015-6420
published 2015-12-15

CVE-2015-6420: Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and…

Priority: P2 (72)
CVSS 3.1: 9.8 critical (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS: 18.76% (96.9th percentile)
Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

Affected (3 ranges)

Vendor   Product               Version range      Fixed in
apache   commons_collections
apache   commons_collections   >= 3.0, < 3.2.2    3.2.2
cisco    products

Detection & IOCs (extracted from sources)

Source: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-java-deserialization
  • Detect crafted serialized Java objects submitted to applications using the Apache Commons Collections (ACC) library — look for the Java serialization stream header (STREAM_MAGIC 0xACED followed by STREAM_VERSION 0x0005, i.e. the byte sequence AC ED 00 05) in network traffic destined for affected application endpoints.
  • Flag applications that accept serialized Java objects from the network without input validation — the attack vector is unauthenticated remote submission of crafted serialized objects.
  • Proof-of-concept exploit code targeting WebSphere Application Server, JBoss, Jenkins, OpenNMS, and WebLogic was publicly released on November 6, 2015 by Foxglove Security Group — monitor these platforms for exploitation attempts.
  • Track Cisco bug IDs CSCux17638, CSCux18412, and CSCux21425 for affected Cisco product versions to prioritize patching and detection scope.
  • Any application or application framework using the ACC library and deserializing arbitrary user-supplied Java serialized data is potentially vulnerable — not limited to Cisco products.
  • No workarounds are available for this vulnerability; only software updates address it.
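The first two detection bullets, turned into a scanner, as an added example that is not part of this page or of the Cisco advisory. It locates the AC ED 00 05 header in a request body or reassembled payload and then pulls class names out of TC_CLASSDESC records so that a hit on a known ACC gadget class can be escalated above a plain "serialized Java object seen" alert. ACC_GADGET_CLASSES lists class names from the public Commons Collections gadget chains (well-known, not taken from the page); the serialized fragments and the HTTP request are constructed sample data, the path /api/submit is hypothetical, and the class-name extraction is best-effort rather than a full stream parser.

```python
import re

# Every Java serialization stream starts with STREAM_MAGIC (0xACED) then STREAM_VERSION (0x0005).
JAVA_SERIAL_MAGIC = b"\xac\xed\x00\x05"
TC_CLASSDESC = 0x72  # stream tag that precedes a class descriptor; the class name follows as a UTF string
TC_OBJECT = b"\x73"

# Class names used by the public Apache Commons Collections 3.x/4.x gadget chains
# (InvokerTransformer/ChainedTransformer wired through LazyMap or TransformedMap). Known gadget
# classes, not something stated on this page.
ACC_GADGET_CLASSES = {
    "org.apache.commons.collections.functors.InvokerTransformer",
    "org.apache.commons.collections.functors.ChainedTransformer",
    "org.apache.commons.collections.functors.ConstantTransformer",
    "org.apache.commons.collections.map.LazyMap",
    "org.apache.commons.collections.map.TransformedMap",
    "org.apache.commons.collections4.functors.InvokerTransformer",
    "org.apache.commons.collections4.functors.ChainedTransformer",
}

_IDENT = re.compile(rb"[A-Za-z_$][\w$.]*")  # a Java class name as it appears in the stream


def find_java_streams(payload: bytes) -> list:
    """Offsets of every Java serialization header in a request body or reassembled TCP payload."""
    return [m.start() for m in re.finditer(re.escape(JAVA_SERIAL_MAGIC), payload)]


def class_names(stream: bytes) -> list:
    """Best-effort extraction of class names from TC_CLASSDESC records.

    Each record is the tag byte 0x72, a 2-byte big-endian length, then the class name.
    The stream is not fully parsed: stray 0x72 bytes inside other data are rejected because
    their "length" does not fit the remaining bytes or the "name" is not a valid identifier.
    """
    names = []
    i = stream.find(bytes([TC_CLASSDESC]))
    while 0 <= i and i + 3 <= len(stream):
        length = int.from_bytes(stream[i + 1:i + 3], "big")
        name = stream[i + 3:i + 3 + length]
        if length and len(name) == length and _IDENT.fullmatch(name):
            names.append(name.decode("ascii"))
        i = stream.find(bytes([TC_CLASSDESC]), i + 1)
    return names


def assess(payload: bytes) -> dict:
    """Classify one payload: serialized object submitted at all, and ACC gadget classes inside it."""
    offsets = find_java_streams(payload)
    if not offsets:
        return {"java_stream": False, "classes": [], "gadget_classes": []}
    classes = class_names(payload[offsets[0]:])
    gadgets = [c for c in classes if c in ACC_GADGET_CLASSES]
    return {"java_stream": True, "classes": classes, "gadget_classes": gadgets}


def _classdesc(name: str) -> bytes:
    """Constructed TC_CLASSDESC fragment: tag, length, name, 8 placeholder serialVersionUID bytes.
    Sample data for the scanner only; this is not a valid or loadable object graph."""
    n = name.encode("ascii")
    return bytes([TC_CLASSDESC]) + len(n).to_bytes(2, "big") + n + b"\x00" * 8


# Constructed samples: an ordinary HashMap stream, and a stream carrying ACC gadget class names.
SAMPLE_BENIGN = JAVA_SERIAL_MAGIC + TC_OBJECT + _classdesc("java.util.HashMap")
SAMPLE_ACC = (
    JAVA_SERIAL_MAGIC + TC_OBJECT
    + _classdesc("sun.reflect.annotation.AnnotationInvocationHandler")
    + _classdesc("org.apache.commons.collections.map.LazyMap")
    + _classdesc("org.apache.commons.collections.functors.ChainedTransformer")
    + _classdesc("org.apache.commons.collections.functors.InvokerTransformer")
)
# Constructed HTTP request; the path /api/submit is hypothetical.
SAMPLE_REQUEST = (
    b"POST /api/submit HTTP/1.1\r\nHost: app.example\r\n"
    b"Content-Type: application/x-java-serialized-object\r\n\r\n" + SAMPLE_ACC
)

if __name__ == "__main__":
    for label, data in (("plain", b"GET / HTTP/1.1\r\n\r\n"), ("benign", SAMPLE_BENIGN), ("request", SAMPLE_REQUEST)):
        print(label, assess(data))
```

Alert on "java_stream" alone for endpoints that should never receive serialized objects from the network (the second bullet), and on a non-empty "gadget_classes" anywhere. Because the stream is not fully parsed, a payload that compresses, encodes or wraps the object (for example base64 in a form field) needs decoding before it reaches assess().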

CVSS provenance

NVD  v3.1  9.8  CRITICAL  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD  v2.0  7.5  HIGH      AV:N/AC:L/Au:N/C:P/I:P/A:P