PT-2021-17172 · NetMotion · NetMotion Mobility

Steven Seeley · Published 2021-02-08 · Updated 2021-02-24 · CVE-2021-26915

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: NetMotion Mobility versions prior to 11.73; NetMotion Mobility versions 12.x prior to 12.02

Description: The issue allows unauthenticated remote attackers to execute arbitrary code as SYSTEM due to Java deserialization in the webrepdb StatusServlet.

Recommendations: For versions prior to 11.73, update to version 11.73 or later. For versions 12.x prior to 12.02, update to version 12.02 or later. As a temporary workaround, consider disabling the StatusServlet until a patch is available.

Exploit

Fix

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

CVE-2021-26915

Affected Products

NetMotion Mobility