Cisco Prime LAN Management Solution Java Object Deserialization RCE (CSCux34647)
Critical Nessus Plugin ID 99934
Synopsis
A network management system running on the remote host is affected by a remote code execution vulnerability.
Description
The Cisco Prime LAN Management Solution (LMS) running on the remote web server is affected by a remote code execution vulnerability due to unsafe deserialization of unauthenticated Java objects passed to the Apache Commons Collections (ACC) library. An unauthenticated, remote attacker can exploit this by sending a crafted RMI request to execute arbitrary code on the target host.
Solution
No release is planned by the vendor to fix this vulnerability.