PT-2018-9235 · Nasa · Rtretrievalframework

Nitin Arya

Published

2018-02-09

Updated

2018-03-01

CVE-2018-1000048

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: NASA RtRetrievalFramework version v1.0

Description: The issue concerns a remote code execution flaw in the Data retrieval functionality of the RtRetrieval framework. This can be exploited when a victim attempts to retrieve and process a weather data file.

Recommendations: For NASA RtRetrievalFramework version v1.0, consider disabling the Data retrieval functionality until a patch is available to prevent potential remote code execution. Restrict access to the weather data file processing feature to minimize the risk of exploitation.

Fix

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-502

Related Identifiers

CVE-2018-1000048

Affected Products

Rtretrievalframework

PT-2018-9235 · Nasa · Rtretrievalframework

CVE-2018-1000048

Weakness Enumeration

Related Identifiers

Affected Products

References · 3