PT-2021-17170 · Netmotion · Netmotion Mobility
Steven Seeley
·
Published
2021-02-08
·
Updated
2021-02-23
·
CVE-2021-26913
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
NetMotion Mobility versions prior to 11.73
NetMotion Mobility versions 12.x prior to 12.02
Description:
The issue allows unauthenticated remote attackers to execute arbitrary code as SYSTEM due to Java deserialization in
RpcServlet.Recommendations:
For versions prior to 11.73, update to version 11.73 or later.
For versions 12.x prior to 12.02, update to version 12.02 or later.
Exploit
Fix
Deserialization of Untrusted Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Netmotion Mobility