Cisco Security Monitoring, Analysis, and Response System (CS-MARS) ships with the JBoss web application server. CS-MARS versions prior to 4.2.1 contain a vulnerability in that bundled JBoss server that could allow an unauthenticated, remote attacker to execute arbitrary commands with elevated privileges on the appliance.
The vulnerability is due to an input sanitization error in a component included with the JBoss installation. An attacker who can submit a malformed HTTP request to the affected device could exploit it to execute arbitrary commands with CS-MARS administrator privileges. Because no authentication is required, any host that can reach the device's web interface is in a position to attempt the attack.
Cisco has confirmed this vulnerability in a security advisory and released fixed software; affected deployments should be upgraded to CS-MARS 4.2.1 or later.