CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-15381

A Java deserialization vulnerability in Cisco Unity Express (CUE) could allow an unauthenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to the listening Java Remote Method Invocation (RMI) service. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.591

EPSS Ranking 98.1%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 10.0

References

http://www.securityfocus.com/bid/105876
http://www.securitytracker.com/id/1042130
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-cue
http://www.securityfocus.com/bid/105876
http://www.securitytracker.com/id/1042130
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-cue

Products affected by CVE-2018-15381

Cisco » Unity Express » Version: Any

cpe:2.3:a:cisco:unity_express:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-15381

Products

Pricing

Contact Us