CVE-2020-10917

Name of the Vulnerable Software and Affected Versions: NEC ESMPRO Manager version 6.42

Description: This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the RMI service, resulting from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this issue to execute code in the context of SYSTEM.

Recommendations: For NEC ESMPRO Manager version 6.42, consider disabling the RMI service until a patch is available to prevent exploitation. Restrict access to the RMI service to minimize the risk of remote code execution. At the moment, there is no information about a newer version that contains a fix for this issue.