QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2018-0147

Back to search

CVE-2018-0147

Published: Mar 8, 2018

Modified: Jan 12, 2026

PUBLISHED

Description

A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to release 5.8 patch 9 could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a crafted serialized Java object. An exploit could allow the attacker to execute arbitrary commands on the device with root privileges. Cisco Bug IDs: CSCvh25988.

VendorProductVersions

n/a

Cisco Secure Access Control System

affected
Cisco Secure Access Control System

Weaknesses (CWE)

CWE-20

References

1040463
vdb-entry
x_refsource_SECTRACK
103328
vdb-entry
x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now