MS-ISAC CYBERSECURITY ADVISORIES
MS-ISAC ADVISORY NUMBER:
Vulnerability in Cisco Products Could Allow Remote Code Execution
A vulnerability has been discovered affecting Cisco products. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code, obtain sensitive information, bypass security restrictions, or cause denial-of-service conditions.
There are currently no reports of this vulnerability being exploited in the wild.
Products from the following Cisco product categories are affected:
Collaboration and Social Media
Endpoint Clients and Client Software
Network Application, Service, and Acceleration
Network and Content Security Devices
Network Management and Provisioning
Routing and Switching - Enterprise and Service Provider
Voice and Unified Communications Devices
Video, Streaming, TelePresence, and Transcoding Devices
Cisco Hosted Services
Please visit the link below for a detailed list of the specific affected products: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-java-deserialization
(Note: Additional products may be included at a later date, as Cisco is currently investigating the scope of this vulnerability.)
Large and medium government entities: High
Small government entities: High
Large and medium business entities: High
Small business entities: High
Home users: High
A remote code execution vulnerability exists in several Cisco products due to an issue in the Java deserialization used by the Apache Commons Collections (ACC) library. An attacker may exploit this vulnerability by submitting specially crafted input to an application on a targeted Cisco system that uses the ACC library. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code, obtain sensitive information, bypass security restrictions, or cause denial-of-service conditions.
We recommend the following actions be taken:
Verify that no unauthorized system modifications have occurred on the system before applying the patch.
Once a patch is released by Cisco, update immediately after appropriate testing.
Monitor intrusion detection systems for any signs of anomalous activity.
Unless required, limit external network access to affected products.
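To support the monitoring recommendation above, the following added example (not part of the MS-ISAC advisory or any Cisco tooling) flags inbound data that carries a Java serialized stream, raw or base64-encoded, and reports any class descriptors from the Apache Commons Collections package. The function names and the sample class name are hypothetical, the sample bytes are constructed, and the class-name extraction is a heuristic scan rather than a full stream parser.

```python
import base64
import re
import struct

STREAM_HEADER = b"\xac\xed\x00\x05"  # Java serialization magic (0xACED) + version 5
TC_CLASSDESC = 0x72                   # type code that precedes a class descriptor
ACC_PREFIX = "org.apache.commons.collections"  # package of the library the advisory names
NAME_RE = re.compile(rb"[A-Za-z_$\[][\w.$;\[]{2,}")  # plausible JVM class name
B64_RE = re.compile(rb"rO0AB[A-Za-z0-9+/]*")  # base64 of STREAM_HEADER starts "rO0AB"


def streams(data: bytes):
    """Yield every serialized stream found raw or base64-encoded in data."""
    pos = data.find(STREAM_HEADER)
    while pos != -1:
        yield data[pos:]
        pos = data.find(STREAM_HEADER, pos + 1)
    for m in B64_RE.finditer(data):
        tok = m.group(0)
        if len(tok) % 4 == 1:  # a single dangling character encodes no byte
            tok = tok[:-1]
        yield base64.b64decode(tok + b"=" * (-len(tok) % 4))


def class_names(stream: bytes):
    """Heuristically extract class names from TC_CLASSDESC records."""
    names, i = [], len(STREAM_HEADER)
    while i + 3 <= len(stream):
        if stream[i] == TC_CLASSDESC:
            (n,) = struct.unpack_from(">H", stream, i + 1)  # 2-byte name length
            raw = stream[i + 3:i + 3 + n]
            if len(raw) == n and NAME_RE.fullmatch(raw):
                names.append(raw.decode("ascii"))
                i += 3 + n
                continue
        i += 1
    return names


def inspect_payload(data: bytes):
    """Return (serialized_stream_seen, sorted ACC class names referenced)."""
    seen, hits = False, set()
    for s in streams(data):
        seen = True
        hits.update(c for c in class_names(s) if c.startswith(ACC_PREFIX))
    return seen, sorted(hits)


def sample(cls: str) -> bytes:
    """Constructed input: a field-less object of class `cls`, not captured traffic."""
    name = cls.encode()
    return (STREAM_HEADER + b"\x73\x72" + struct.pack(">H", len(name)) + name
            + b"\x00" * 8 + b"\x02\x00\x00\x78\x70")
```

A result of `(True, [...])` with a non-empty list is the higher-priority alert; `(True, [])` still indicates serialized Java objects reaching the service and is worth reviewing against what that interface is expected to receive.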