PT-2018-14320 · Citrix · Xen Mobile

Glyn Wintle · Published 2018-10-24 · Updated 2024-08-05 · CVE-2018-18013

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Xen Mobile versions prior to 10.8.0

Description: The issue arises from a service listening on port 5001 behind the internal firewall of Xen Mobile, which accepts unauthenticated input. The service deserializes raw Java serialized objects directly into in-memory Java objects, which can lead to remote code execution. The vendor disputes that this is a vulnerability, citing mitigation by an internal firewall that limits access to the configuration services to localhost.

Recommendations: For versions prior to 10.8.0, as a temporary workaround, consider restricting access to the service listening on port 5001 to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration: Deserialization of Untrusted Data

Related Identifiers: CVE-2018-18013

Affected Products: Xen Mobile