CVE-2018-0147 — Cisco Secure Access Control System (ACS)

Cisco Secure Access Control System Java Deserialization Vulnerability

Added to KEV

2022-03-25

Federal due date

2022-04-15

Vendor

Cisco

Product

Secure Access Control System (ACS)

EPSS

88.6th percentile (score 0.040, as of 2026-06-08)

NVD CVSS v3.1

—

Ransomware use

Unknown

Upstream

https://nvd.nist.gov/vuln/detail/CVE-2018-0147

CISA short description

A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software.

Required action

Apply updates per vendor instructions.

EPSS percentile is the FIRST.org exploit-probability ranking as of the date noted above; it moves daily. CVSS reflects NVD's analysis at time of publication.