Cisco Products Apache Struts 2 Command Execution Vulnerability

Last Update Date: 25 Oct 2013 10:06 Release Date: 25 Oct 2013 3192 Views

RISK: Medium Risk

Medium Risk

TYPE: Operating Systems - Networks OS

TYPE: Networks OS

A vulnerability has been identified in multiple Cisco products, which include an implementation of Apache Struts 2 component that is affected by a remote command execution vulnerability.

 

The vulnerability is due to insufficient sanitization of user-supplied input. An attacker could exploit this vulnerability by sending crafted requests consisting of Object-Graph Navigation Language (OGNL) expressions to an affected system. An exploit could allow the attacker to execute arbitrary code on the targeted system.

Impact

  • Remote Code Execution

System / Technologies affected

  • Cisco Business Edition 3000
  • Cisco Identity Services Engine (ISE)
  • Cisco Media Experience Engine (MXE) 3500 Series
  • Cisco Unified SIP Proxy (CUSP)

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Cisco has released free software updates that address the vulnerability for all the affected products except Cisco Business Edition 3000.
  • Users of Cisco Business Edition 3000 should contact their Cisco representative for available options.

Vulnerability Identifier

Source

Related Link

Share with

Previous

Apple iTunes Multiple Vulnerabilities

24 Oct 2013 3121 Views

Next

Google Chrome Multiple Vulnerabilities

17 Oct 2013 3313 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY