漏洞信息
# N/A
## 漏洞概述
某些Cisco产品中使用了Apache Commons Collections (ACC)库,使得通过特制的序列化Java对象允许远程攻击者执行任意命令。
## 影响版本
- Cisco Collaboration and Social Media
- Endpoint Clients and Client Software
- Network Application, Service, and Acceleration
- Network and Content Security Devices
- Network Management and Provisioning
- Routing and Switching - Enterprise and Service Provider
- Unified Computing
- Voice and Unified Communications Devices
- Video, Streaming, TelePresence, and Transcoding Devices
- Wireless
- Cisco Hosted Services
## 漏洞细节
漏洞源于Apache Commons Collections (ACC)库中对序列化Java对象处理不当,导致攻击者可以通过构造恶意的序列化对象来执行任意命令。
## 影响
远程攻击者可以利用此漏洞在受影响的设备上执行任意命令,从而完全控制设备。
提示
尽管我们采用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
漏洞标题
N/A
漏洞描述信息
Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
多款Cisco产品Apache Commons Collections库任意代码执行漏洞
漏洞描述信息
Apache Commons Collections(ACC)是美国阿帕奇(Apache)软件基金会的一个Apache Commons项目的Commons Proper(可重复利用Java组件库)中的组件,它可以扩展或增加Java集合框架。 多款Cisco产品的ACC库中使用的Java反序列化过程中存在安全漏洞。远程攻击者可通过提交特制的输入利用该漏洞执行任意代码。以下产品及版本受到影响:Cisco Digital Life RMS 1.8.1.1版本,Broadband Access Center Te
CVSS信息
N/A
漏洞类别
代码问题