CVE-2018-0147

CVE-2018-0147

Vendor N/A

Product Cisco Secure Access Control System

Weakness CWE-20 · Input validation

KEV Status Known Exploited

Published March 8, 2018

Last update January 12, 2026

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to release 5.8 patch 9 could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a crafted serialized Java object. An exploit could allow the attacker to execute arbitrary commands on the device with root privileges. Cisco Bug IDs: CSCvh25988.

CISA mandated remediation

02CISA Required Action

Apply updates per vendor instructions.

Key dates

03Disclosure timeline

March 8, 2018 CVE published

January 12, 2026 Record updated

External resources

04References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2018-0147 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/20.html CISA KEV Reference https://nvd.nist.gov/vuln/detail/CVE-2018-0147

Related vulnerabilities

01Description

02CISA Required Action

03Disclosure timeline

04References

05Related CVE