The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
cpe:2.3:a:apache:commons_collections:*:*:*:*:*:*:*:* versions up to 3.2.1 (inclusive)
|99935||Cisco Security Manager Java Object Deserialization RCE (CSCux34671)||Nessus||Misc.|
|99934||Cisco Prime LAN Management Solution Java Object Deserialization RCE (CSCux34647)||Nessus||Misc.|
|93939||Cisco Unified Communications Manager Java Object Deserialization RCE (CSCux34835)||Nessus||CISCO|