CVE-2015-6420
Description
Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
Risk Information
| Metric | Value |
|---|---|
| Base Score | 9.8 (MODERATE) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| EPSS Score (Exploitation Probability) | 21.2 |
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2015-7501,CVE-2015-6420 are fixed in Apache-commons-collections 3.2.2 | Windows |
| Vulnerabilities CVE-2015-7501,CVE-2015-6420 are fixed in Apache-commons-collections4 4.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Controller 11.0.1 | Windows |
| Vulnerabilities CVE-2015-6420 are affected in Sourceforge - collections-generic 4.0.1 | Windows |
| Vulnerabilities CVE-2015-6420 are affected in Apache - org.apache.servicemix.bundles.collections-generic 4.01 | Windows |
| Vulnerabilities CVE-2015-6420 are affected in Apache - org.apache.servicemix.bundles.commons-collections 3.2.1 | Windows |
| Vulnerabilities CVE-2015-7501,CVE-2015-6420 are fixed in Apache-commons-collections for Linux 3.2.2 | Linux |
| Vulnerabilities CVE-2015-7501,CVE-2015-6420 are fixed in Apache-commons-collections4 for Linux 4.1 | Linux |
| Vulnerabilities CVE-2015-6420 are affected in Sourceforge - collections-generic for Linux 4.0.1 | Linux |
| Vulnerabilities CVE-2015-6420 are affected in Apache - org.apache.servicemix.bundles.collections-generic for Linux 4.01 | Linux |
| Vulnerabilities CVE-2015-6420 are affected in Apache - org.apache.servicemix.bundles.commons-collections for Linux 3.2.1 | Linux |
| Vulnerability in Java Deserialization Affecting Cisco Products For Cisco Emergency Responder | NCM |
| Vulnerability in Java Deserialization Affecting Cisco Products For Cisco MediaSense | NCM |
| Vulnerability in Java Deserialization Affecting Cisco Products For Cisco Mobility Services Engine | NCM |
| Vulnerability in Java Deserialization Affecting Cisco Products For Cisco Prime Home | NCM |
| Vulnerability in Java Deserialization Affecting Cisco Products For Cisco Prime Infrastructure | NCM |
| Vulnerability in Java Deserialization Affecting Cisco Products For Cisco Prime Optical | NCM |
| Vulnerability in Java Deserialization Affecting Cisco Products For Cisco Prime Performance Manager | NCM |
| Vulnerability in Java Deserialization Affecting Cisco Products For Cisco Prime Provisioning | NCM |
| Vulnerability in Java Deserialization Affecting Cisco Products For Cisco Prime Service Catalog | NCM |
| Vulnerability in Java Deserialization Affecting Cisco Products For Cisco Security Manager | NCM |
| Vulnerability in Java Deserialization Affecting Cisco Products For Cisco UCS Director | NCM |
| Vulnerability in Java Deserialization Affecting Cisco Products For Cisco Unified Contact Center Enterprise | NCM |
| Vulnerability in Java Deserialization Affecting Cisco Products For Cisco Unified E-Mail Interaction Manager | NCM |
| Vulnerability in Java Deserialization Affecting Cisco Products For Cisco Unified Intelligence Center | NCM |
| Vulnerability in Java Deserialization Affecting Cisco Products For Cisco Unified SIP Proxy | NCM |
| Vulnerability in Java Deserialization Affecting Cisco Products For Cisco Unity Connection | NCM |
| Vulnerability in Java Deserialization Affecting Cisco Products For Cisco Unity Express | NCM |
| Vulnerability in Java Deserialization Affecting Cisco Products For Applications for Cisco Unified Application Environment | NCM |
| Vulnerability in Java Deserialization Affecting Cisco Products For Cisco IronPort Encryption Appliance Software | NCM |
| Vulnerability in Java Deserialization Affecting Cisco Products For Cisco Broadband Access Center for Telco and Wireless | NCM |
| Vulnerability in Java Deserialization Affecting Cisco Products For CiscoWorks Common Services Software | NCM |
| Vulnerability in Java Deserialization Affecting Cisco Products For Cisco Access Registrar | NCM |
| Vulnerability in Java Deserialization Affecting Cisco Products For Cisco Prime Collaboration | NCM |
| Vulnerability in Java Deserialization Affecting Cisco Products For Cisco Virtual Network Management Center | NCM |
| Vulnerability in Java Deserialization Affecting Cisco Products For Cisco Collaboration Meeting Rooms (CMR) | NCM |
| Vulnerability in Java Deserialization Affecting Cisco Products For Cisco Digital Media Manager | NCM |
| Vulnerability in Java Deserialization Affecting Cisco Products For Cisco Unified Communications Licensing | NCM |
| Vulnerability in Java Deserialization Affecting Cisco Products For Cisco Videoscape Distribution Suite for Internet Streaming | NCM |
| Vulnerability in Java Deserialization Affecting Cisco Products For Cisco ASA Next-Generation Firewall Services | NCM |
| Vulnerability in Java Deserialization Affecting Cisco Products For Cisco Secure Access Control Server Solution Engine | NCM |
| Vulnerability in Java Deserialization Affecting Cisco Products For Cisco Conductor | NCM |
| Vulnerability in Java Deserialization Affecting Cisco Products For Cisco Unified Attendant Consoles | NCM |
| Vulnerability in Java Deserialization Affecting Cisco Products For Cisco Unified Communications Manager (CallManager) | NCM |
| Vulnerability in Java Deserialization Affecting Cisco Products For Cisco Hosted Collaboration Solution (HCS) | NCM |
| Vulnerability in Java Deserialization Affecting Cisco Products For Cisco NAC Appliance (Clean Access) | NCM |
| Vulnerability in Java Deserialization Affecting Cisco Products For Cisco Unified Customer Voice Portal | NCM |
| Vulnerability in Java Deserialization Affecting Cisco Products For Cisco Unified MeetingPlace | NCM |
| Deserialization of Untrusted Data Vulnerability (CVE-2015-6420) | NCM |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-1706049 | Security Update for Cisco Emergency Responder 12.0(0.98000.50) |
| PATCH-1705879 | Security Update for Cisco MediaSense 11.5(1.10000.6) |
| PATCH-1705808 | Security Update for Cisco Mobility Services Engine 8.0(130.12) |
| PATCH-1701797 | Security Update for Cisco Prime Home 6.5(1) |
| PATCH-1705595 | Security Update for Cisco Prime Infrastructure 2.2(2) |
| PATCH-1706040 | Security Update for Cisco Prime Optical 10.6(1) |
| PATCH-1706037 | Security Update for Cisco Prime Performance Manager 1.7(0.1703) |
| PATCH-1705717 | Security Update for Cisco Prime Provisioning 6.8 |
| PATCH-1706010 | Security Update for Cisco Prime Service Catalog 11.1_VA_OS_Patch |
| PATCH-1705795 | Security Update for Cisco Security Manager 4.12(0.64) |
| PATCH-1705947 | Security Update for Cisco UCS Director 6.0(1.0) |
| PATCH-1705943 | Security Update for Cisco Unified Contact Center Enterprise 11.6(1)SR0(0) |
| PATCH-1705669 | Security Update for Cisco Unified E-Mail Interaction Manager 11.0(1) |
| PATCH-1705886 | Security Update for Cisco Unified Intelligence Center 11.5(0.98000.126) |
| PATCH-1705497 | Security Update for Cisco Unified SIP Proxy 8.5(5) |
| PATCH-1706048 | Security Update for Cisco Unity Connection 12.0(0.97000.184) |
| PATCH-1703070 | Security Update for Cisco Unity Express 6.2.1 |
| PATCH-1705477 | Security Update for CiscoWorks Common Services Software 4.2(4) |
| PATCH-1706039 | Security Update for Cisco Access Registrar 8.0 |
| PATCH-1705997 | Security Update for Cisco Prime Collaboration 11.0(0.815) |
| PATCH-1705797 | Security Update for Cisco Digital Media Manager 5.6.3 |
| PATCH-1706042 | Security Update for Cisco Unified Communications Licensing 11.5(1.12001.2) |
| PATCH-1705993 | Security Update for Cisco Videoscape Distribution Suite for Internet Streaming 3.11(6.2) |
| PATCH-1705897 | Security Update for Cisco ASA Next-Generation Firewall Services 100.6(0.0.181) |
| PATCH-1705698 | Security Update for Cisco Secure Access Control Server Solution Engine 5.8(0.32.2) |
| PATCH-1705867 | Security Update for Cisco Conductor 3.600 |
| PATCH-1706047 | Security Update for Cisco Unified Attendant Consoles 11.0(2) |
| PATCH-1706016 | Security Update for Cisco Unified Communications Manager (CallManager) CUP.11.5(1.12900.25) |
| PATCH-1706050 | Security Update for Cisco Hosted Collaboration Solution (HCS) 11.5(1.93540.24) |
| PATCH-1705725 | Security Update for Cisco NAC Appliance (Clean Access) 4.9(5) |
| PATCH-1705727 | Security Update for Cisco Unified Customer Voice Portal 11.0(1)SR0(24) |
| PATCH-1705973 | Security Update for Cisco Unified MeetingPlace 8.6(2.45) |