Cisco Hit by Java-deserialization Vulnerability

December 9, 2015—Cisco released an advisory saying that several of its products are affected by a Java deserialization vulnerability discovered last November. The bug affects all applications that use the Apache Commons Collections (ACC) library and those that “deserializes arbitrary, user-supplied Java serialized data.”

The table below from The Register lists all the confirmed vulnerable Cisco products so far:

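| Category | Product | Cisco bug ID |
| --- | --- | --- |
| Cable Modems | Digital Life RMS for Cisco Broadband Access Center Telco Wireless 3.8.1 | CSCux34660 |
| Collaboration and Social Media | Cisco SocialMiner | CSCux34833 |
| Collaboration and Social Media | Cisco WebEx Meetings Server versions 1.x | CSCux34612 |
| Collaboration and Social Media | Cisco WebEx Meetings Server versions 2.x | CSCux34612 |
| Network Application, Service, and Acceleration | Cisco Visual Quality Experience Server | CSCux34725 |
| Network Application, Service, and Acceleration | Cisco Visual Quality Experience Tools Server | CSCux34725 |
| Network and Content Security Devices | Cisco Secure Access Control Server (ACS) | CSCux34781 |
| Network Management and Provisioning | Cisco Configuration Professional | CSCux35040 |
| Network Management and Provisioning | Cisco Digital Media Manager | CSCux34692 |
| Network Management and Provisioning | Cisco Insight Reporter | CSCux34694 |
| Network Management and Provisioning | Cisco Prime Collaboration Provisioning | CSCux34669 |
| Network Management and Provisioning | Cisco Prime Home | CSCux34668 |
| Network Management and Provisioning | Cisco Prime Performance Manager | CSCux34953 |
| Network Management and Provisioning | Cisco Prime Provisioning for SPs | CSCux34664 |
| Network Management and Provisioning | Cisco Prime Provisioning | CSCux35084 |
| Network Management and Provisioning | Cisco Prime Service Catalog Virtual Appliance | CSCux34715 |
| Network Management and Provisioning | Cisco Security Manager | CSCux34671 |
| Network Management and Provisioning | Data Center Analytics Framework (DCAF) | CSCux34575 |
| Routing and Switching – Enterprise and Service Provider | Cisco Broadband Access Center Telco Wireless | CSCux34645 |
| Voice and Unified Communications Devices | Cisco Computer Telephony Integration Object Server (CTIOS) | CSCux34589 |
| Voice and Unified Communications Devices | Cisco IP Interoperability and Collaboration System (IPICS) | CSCux34720 |
| Voice and Unified Communications Devices | Cisco Management Heartbeat Server | CSCux35009 |
| Voice and Unified Communications Devices | Cisco MediaSense | CSCux34874 |
| Voice and Unified Communications Devices | Cisco Unified Contact Center Enterprise | CSCux34589 |
| Voice and Unified Communications Devices | Cisco Unified Intelligent Contact Management Enterprise | CSCux34589 |
| Voice and Unified Communications Devices | Cisco Unified SIP Proxy | CSCux34567 |
| Video, Streaming, TelePresence, and Transcoding Devices | Cisco Media Experience Engines (MXE) | CSCux34968 |
| Video, Streaming, TelePresence, and Transcoding Devices | Cisco Show and Share | CSCux34708 |
| Video, Streaming, TelePresence, and Transcoding Devices | Cisco TelePresence Exchange System (CTX) | CSCux34690 |
| Video, Streaming, TelePresence, and Transcoding Devices | Cisco Videoscape Conductor | CSCux34792 |
| Cisco Hosted Services | Business Video Services Automation Software (BV) | CSCux34572 |
| Cisco Hosted Services | Cisco Cloud Email Security | CSCux34593 |
| Cisco Hosted Services | Cisco Registered Envelope Service (CRES) | CSCux34591 |
| Cisco Hosted Services | Communication/Collaboration Sizing Tool, Virtual Machine Placement Tool, Cisco Unified Communications Upgrade Readiness Assessment | CSCux34881 |
| Cisco Hosted Services | DCAF UCS Collector | CSCux34924 |
| Cisco Hosted Services | Network Change and Configuration Management | CSCux34580 |
| Cisco Hosted Services | Partner Supporting Service (PSS) 1.x | CSCux34739 |
| Cisco Hosted Services | SI component of Partner Supporting Service | CSCux34738 |
| Cisco Hosted Services | Serial Number Assessment Service (SNAS) | CSCux34991 |
| Cisco Hosted Services | Smart Net Total Care (SNTC) | CSCux34987 |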

