PT-2023-8157 · Voltronic Power · Voltronic Power Viewpower

Esj4Y

Publicado

2023-12-20

Atualizado

2025-07-07

CVE-2023-51570

CVSS v2.0

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Voltronic Power ViewPower Pro (affected versions not specified)

Description This issue allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this issue. The specific flaw exists within the RMI interface, which listens on TCP port 41009 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this issue to execute code in the context of SYSTEM.

Recommendations At the moment, there is no information about a newer version that contains a fix for this issue.

Correção

RCE

Deserialization of Untrusted Data

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-502

Identificadores relacionados

BDU:2024-00141

CVE-2023-51570

ZDI-23-1876

Produtos afetados

Voltronic Power Viewpower

PT-2023-8157 · Voltronic Power · Voltronic Power Viewpower

CVE-2023-51570

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11