Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco Security Manager Java Deserialization Vulnerabilities
Vulnerability Description
Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. These vulnerabilities are due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit these vulnerabilities by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary commands on the device with the privileges of NT AUTHORITY\SYSTEM on the Windows target host. Cisco has not released software updates that address these vulnerabilities.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
输入验证不恰当
Vulnerability Title
Cisco Security Manager 代码问题漏洞
Vulnerability Description
Cisco Security Manager(CSM)是美国思科(Cisco)公司的一套企业级的管理应用,它主要用于在Cisco网络和安全设备上配置防火墙、VPN和入侵保护安全服务。 Cisco Security Manager 存在代码问题漏洞,该漏洞源于受影响的软件对用户提供的内容进行了不安全的反序列化。攻击者可利用该漏洞可以通过向受影响系统上的特定侦听器发送恶意的序列化Java对象来利用这些漏洞。成功的利用可导致在受影响的设备上执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A