CVE-2018-15394, CVE-2018-15381: Cisco Stealthwatch Management Console & Cisco Unity Express Vulnerability
On November 7th, Cisco issued a security notice for two high-risk vulnerabilities that it fixed in Cisco Stealthwatch Management Console and Cisco Unity Express. CVE-2018-15394 stems from an insecure system configuration: an unauthenticated attacker can remotely bypass the verification process and execute code as an administrator on the affected system. CVE-2018-15381 stems from user-supplied content being deserialized without adequate filtering: an attacker could send a malicious serialized Java object to the RMI service of the affected system to trigger the vulnerability and execute arbitrary shell commands with root privileges.
Cisco Stealthwatch Management Console Authentication Bypass Vulnerability
CVE-2018-15394
CVSS 3.0: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X
The vulnerability stems from an insecure system configuration. An unauthenticated attacker can remotely bypass the verification process and execute code as an administrator on the affected system.
Affected version
Cisco Stealthwatch Enterprise releases <= 6.10.2
Unaffected version
Cisco Stealthwatch Enterprise releases 6.10.3
Solution
Cisco has released a new version to fix the above vulnerability. Affected users can log in here to update.
Cisco Unity Express Arbitrary Command Execution
CVE-2018-15381
CVSS 3.0: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X
The vulnerability stems from user-provided content being deserialized without adequate filtering. An attacker could send a malicious serialized Java object to the RMI service of the affected system to trigger the vulnerability and execute arbitrary shell commands with root privileges.
Affected version
Cisco Unity Express release < 9.0.6
Unaffected version
Cisco Unity Express release 9.0.6
Solution
Cisco has released a new version to fix the above vulnerability. Affected users can log in here to update.
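The CVE-2018-15381 description above turns on deserializing user-supplied content "without adequate filtering". The following added example (not Cisco's code or its fix) shows what such filtering looks like in standard Java 9+ with an allowlist ObjectInputFilter; the class name FilteredDeserialization, the allowlist contents and the sample objects are assumptions made for illustration.

```java
import java.io.*;
import java.util.ArrayList;

public class FilteredDeserialization {
    // Illustrative allowlist: only these classes may appear in the stream.
    // The trailing "!*" rejects every class not matched earlier; the limits
    // bound graph depth, reference count and stream size.
    static final ObjectInputFilter ALLOWLIST = ObjectInputFilter.Config.createFilter(
        "java.lang.String;java.lang.Integer;java.lang.Number;"
        + "maxdepth=5;maxrefs=100;maxbytes=4096;!*");

    // Deserialize untrusted bytes with the filter installed before any read.
    static Object readFiltered(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(ALLOWLIST);
            return in.readObject();
        }
    }

    // Helper used only to build the constructed sample inputs below.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample 1: allowlisted types pass through the filter.
        System.out.println("accepted: " + readFiltered(serialize("hello")));
        System.out.println("accepted: " + readFiltered(serialize(Integer.valueOf(42))));

        // Constructed sample 2: a class outside the allowlist is rejected
        // before any of its deserialization logic runs.
        ArrayList<String> notAllowed = new ArrayList<>();
        notAllowed.add("x");
        try {
            readFiltered(serialize(notAllowed));
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The same pattern string can be applied process-wide through the jdk.serialFilter system property.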