CVE-2019-12630
Published 2019-10-02
Priority P182 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 65.85% (99.2nd percentile)
A vulnerability in the Java deserialization function used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary commands on the device with the privileges of casuser.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_security_manager | >= unspecified < n/a | n/a |
| cisco | security_manager | < 4.18 | 4.18 |
| cisco | security_manager_java_deserialization | — | — |
Detection & IOCs (extracted from sources)
- Exploit vector targets a specific Java deserialization listener on the affected Cisco Security Manager system; monitor for malicious serialized Java objects sent to that listener.
- Successful exploitation results in command execution under the 'casuser' account; alert on unexpected process spawning or command execution by the casuser identity on Cisco Security Manager hosts.
- No workarounds are available for this vulnerability; patching to the fixed software version is the only mitigation.
- The vulnerability is rooted in insecure deserialization of user-supplied content; any externally reachable Java deserialization endpoint on Cisco Security Manager should be treated as attack surface.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | 3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
| nvd | 2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_cisco | — | 6.5 | MEDIUM | — |
GHSA
GHSA-342j-57xr-35p2 (ghsa_unreviewed · 2022-05-24): CVE-2019-12630 [CRITICAL] CWE-20. The advisory text is identical to the CVE description above.
Cisco
Cisco Security Manager Java Deserialization Vulnerability (vendor_cisco · 2019-10-02 · CVSS 6.5 · CVE-2019-12630 [MEDIUM] · CWE-20). The advisory text is identical to the CVE description above.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.clou
Cisco
CVE-2019-12630: Cisco Security Manager Java Deserialization Vulnerability (vendor_cisco · CVSS 3.0). The advisory text is identical to the CVE description above.
CVSS: 3.0
CWE: CWE-20
Bug IDs: CSCvj29055
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2019-10-02