CVE-2018-15381
Published: 2018-11-08
Priority: P181 | critical | 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 87.25% (99.7th percentile)
A Java deserialization vulnerability in Cisco Unity Express (CUE) could allow an unauthenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to the listening Java Remote Method Invocation (RMI) service. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_unity_express | — | — |
| cisco | unity_express | < 9.0.6 | 9.0.6 |
| cisco | unity_express | — | — |
Detection & IOCs (extracted from sources)
- Exploit vector is a malicious serialized Java object sent to the Java RMI service; monitor for unexpected or malformed RMI traffic targeting Cisco Unity Express devices.
- Successful exploitation results in arbitrary shell commands executed with root privileges; monitor for unexpected root-level process spawning on Cisco Unity Express devices.
- The attack is unauthenticated and remote; no credentials are required, so any inbound RMI connection from an untrusted source to a CUE device should be treated as suspicious.
- No workarounds are available for this vulnerability; the only remediation is applying Cisco's software updates.
- The Cisco Bug ID associated with this vulnerability is CSCvm02856; use it to track patch status in Cisco's advisory portal.
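CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| vendor_cisco | — | 9.8 | CRITICAL | — |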
Cisco
Cisco Unity Express Arbitrary Command Execution Vulnerability
vendor_cisco·2018-11-07·CVSS 9.8
CVE-2018-15381 [CRITICAL] CWE-502 Cisco Unity Express Arbitrary Command Execution Vulnerability
A Java deserialization vulnerability in Cisco Unity Express (CUE) could allow an unauthenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user.
The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to the listening Java Remote Method Invocation (RMI) service. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
htt
Cisco
Cisco Unity Express Arbitrary Command Execution Vulnerability
vendor_cisco·CVSS 3.0
CVE-2018-15381 Cisco Unity Express Arbitrary Command Execution Vulnerability
CVE-2018-15381: Cisco Unity Express Arbitrary Command Execution Vulnerability
A Java deserialization vulnerability in Cisco Unity Express (CUE) could allow an unauthenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to the listening Java Remote Method Invocation (RMI) service. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges. Cisco has released software updates that address this vulnerability. There are no
CVSS: 3.0
CWE: CWE-502
Bug IDs: CSCvm02856, CSCvm02856, CSCvm02856, CSCvm0
GHSA
GHSA-8wm8-7pxp-g9m4: A Java deserialization vulnerability in Cisco Unity Express (CUE) could allow an unauthenticated, remote attacker to execute arbitrary shell commands
ghsa_unreviewed·2022-05-13
CVE-2018-15381 [CRITICAL] CWE-502 GHSA-8wm8-7pxp-g9m4: A Java deserialization vulnerability in Cisco Unity Express (CUE) could allow an unauthenticated, remote attacker to execute arbitrary shell commands
A Java deserialization vulnerability in Cisco Unity Express (CUE) could allow an unauthenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to the listening Java Remote Method Invocation (RMI) service. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- http://www.securityfocus.com/bid/105876
- http://www.securitytracker.com/id/1042130
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-cue
Published: 2018-11-08