9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.974 High
EPSS
Percentile
99.9%
Multiple Cisco products include an implementation of the Apache Struts 2 component that is affected by a remote command execution vulnerability.
The vulnerability is due to insufficient sanitization of user-supplied
input. An attacker could exploit this vulnerability by sending crafted requests
consisting of Object-Graph Navigation Language (OGNL) expressions to an affected system. An
exploit could allow the attacker to execute arbitrary code on the targeted system.
Cisco has released software updates that address this vulnerability for all the affected products except Cisco Business Edition 3000. Cisco Business Edition 3000 customers should contact their Cisco representative for available options.
Workarounds that mitigate this vulnerability are not available.
This advisory is available at the following link: