Cisco Products Apache Struts 2 Command Execution Vulnerability

Last Update Date: 25 Oct 2013 10:06

Release Date: 25 Oct 2013

RISK: Medium Risk

TYPE: Operating Systems - Networks OS

A vulnerability has been identified in multiple Cisco products that include an implementation of the Apache Struts 2 component, which is affected by a remote command execution vulnerability.

The vulnerability is due to insufficient sanitization of user-supplied input. An attacker could exploit this vulnerability by sending crafted requests consisting of Object-Graph Navigation Language (OGNL) expressions to an affected system. An exploit could allow the attacker to execute arbitrary code on the targeted system.


Impact

  • Remote Code Execution

System / Technologies affected

  • Cisco Business Edition 3000
  • Cisco Identity Services Engine (ISE)
  • Cisco Media Experience Engine (MXE) 3500 Series
  • Cisco Unified SIP Proxy (CUSP)

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

  • Cisco has released free software updates that address the vulnerability for all the affected products except Cisco Business Edition 3000.
  • Users of Cisco Business Edition 3000 should contact their Cisco representative for available options.

Vulnerability Identifier


Source


Related Link