Vulnerabilities > CVE-2018-0147 - Deserialization of Untrusted Data vulnerability in Cisco Secure Access Control System 5.2(0.3)

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

cisco

CWE-502

critical

nessus

NVD

Published: 2018-03-08

Updated: 2020-09-04

Summary

A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to release 5.8 patch 9 could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a crafted serialized Java object. An exploit could allow the attacker to execute arbitrary commands on the device with root privileges. Cisco Bug IDs: CSCvh25988.

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco Secure Access Control System 5.2\(0.3\)	1

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

Nessus

NASL family	CISCO
NASL id	CISCO-SA-20180307-ACS2.NASL
description	The version of Cisco Secure Access Control System (ACS) running on the remote host is prior to 5.8.0.32.9 Cumulative Patch. It is, therefore, affected by multiple vulnerabilities.
last seen	2020-06-01
modified	2020-06-02
plugin id	108406
published	2018-03-16
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/108406
title	Cisco Secure Access Control Multiple Vulnerabilities (cisco-sa-20180307-acs1 / cisco-sa-20180307-acs2)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(108406); script_version("1.3"); script_cvs_date("Date: 2019/11/08"); script_cve_id("CVE-2018-0147", "CVE-2018-0218"); script_bugtraq_id(103328, 103345); script_xref(name:"CISCO-BUG-ID", value:"CSCvh25988"); script_xref(name:"CISCO-BUG-ID", value:"CSCve70616"); script_xref(name:"CISCO-SA", value:"cisco-sa-20180307-acs2"); script_xref(name:"CISCO-SA", value:"cisco-sa-20180307-acs1"); script_xref(name:"IAVA", value:"2018-A-0084"); script_name(english:"Cisco Secure Access Control Multiple Vulnerabilities (cisco-sa-20180307-acs1 / cisco-sa-20180307-acs2)"); script_summary(english:"Checks the ACS version."); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a vendor-supplied security patch."); script_set_attribute(attribute:"description", value: "The version of Cisco Secure Access Control System (ACS) running on the remote host is prior to 5.8.0.32.9 Cumulative Patch. It is, therefore, affected by multiple vulnerabilities."); # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-acs2 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e98b9cb0"); # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-acs1 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?41f35c0f"); script_set_attribute(attribute:"solution", value: "Upgrade to version 5.8.0.32.9 Cumulative Patch or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/07"); script_set_attribute(attribute:"patch_publication_date", value:"2018/03/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/16"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:secure_access_control_system"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CISCO"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("cisco_secure_acs_version.nasl"); script_require_keys("Host/Cisco/ACS/Version", "Host/Cisco/ACS/DisplayVersion"); exit(0); } include("audit.inc"); include("cisco_func.inc"); ver = get_kb_item_or_exit("Host/Cisco/ACS/Version"); display_ver = get_kb_item_or_exit("Host/Cisco/ACS/DisplayVersion"); fix = '5.8.0.32.9'; if ( ver_compare(ver:ver, fix:fix, strict:FALSE) < 0 ) { security_report_cisco( port : 0, severity : SECURITY_HOLE, version : display_ver, bug_id : "CSCvh25988a", fix : fix ); } else audit(AUDIT_INST_VER_NOT_VULN, 'Secure ACS', display_ver);

The Hacker News

id	THN:A81A2037655E7E59C48C199FE05E1D96
last seen	2018-03-08
modified	2018-03-08
published	2018-03-08
reporter	Swati Khandelwal
source	https://thehackernews.com/2018/03/cisco-pcp-security.html
title	Hard-Coded Password in Cisco Software Lets Attackers Take Over Linux Servers

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

The Hacker News

References