Blog | G5 Cyber Security

Hardcoded password and Java deserialization flaws found in Cisco products

The set of security updates released by Cisco also includes two advisories for critical vulnerabilities. A hardcoded password, tracked as CVE-2018-0141, can be exploited by local attackers to gain full control over a vulnerable equipment. A Java deserialization flaw can allow an unauthenticated, remote attacker to execute arbitrary commands with root privileges on an affected device. The vulnerability has received a Common Vulnerability Scoring System (CVSS) Base score of 5.9, a score normally assigned to medium-severity flaws.”]

Source: https://securityaffairs.co/wordpress/70003/hacking/cisco-hardcoded-password.html

Exit mobile version