Cisco confirmed that at least some of its products are affected by an Apache Struts 2 command execution vulnerability tracked as CVE-2017-5638. The vulnerability affects the Jakarta-based file upload Multipart Parser under Apache Strut 2.5 through 2.3.31 and Struts. The issue is documented at Rapid7s Metasploit Framework GitHub site and attackers in the wild are exploiting a publicly available PoC code that triggers the vulnerability. Tinfoil Security has published an online tool that allows website owners to check if they are vulnerable.”]
Source: https://securityaffairs.co/wordpress/57104/hacking/cve-2017-5638-flaw-cisco.html