CVE-2019-12630

CWE-20Improper Input ValidationCWE-502Deserialization of Untrusted Data4 documents4 sources
Severity
9.8CRITICAL
EPSS
7.8%
top 8.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco Security ManagerCisco Security Manager
Timeline
PublishedOct 2
Latest updateMay 24

Description

A vulnerability in the Java deserialization function used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary command

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5cisco/cisco_security_managerunspecifiedn/a

🔴Vulnerability Details

2
GHSA
GHSA-342j-57xr-35p2: A vulnerability in the Java deserialization function used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitra2022-05-24
CVEList
Cisco Security Manager Java Deserialization Vulnerability2019-10-02

📋Vendor Advisories

1
Cisco
Cisco Security Manager Java Deserialization Vulnerability2019-10-02