Unrated severityNVD Advisory· Published Nov 8, 2018· Updated Nov 26, 2024
Cisco Unity Express Arbitrary Command Execution Vulnerability
CVE-2018-15381
Description
A Java deserialization vulnerability in Cisco Unity Express (CUE) could allow an unauthenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to the listening Java Remote Method Invocation (RMI) service. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: n/a
Patches
Vulnerability mechanics
References
3- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-cuemitrevendor-advisoryx_refsource_CISCO
- www.securityfocus.com/bid/105876mitrevdb-entryx_refsource_BID
- www.securitytracker.com/id/1042130mitrevdb-entryx_refsource_SECTRACK
News mentions
0No linked articles in our index yet.