PT-2022-12989 · Mmp+2 · Mmp+2
Noam Moshe
·
Published
2022-02-18
·
Updated
2022-02-26
·
CVE-2022-0138
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
MMP versions prior to 1.0.3
PTP C-series versions prior to 2.8.6.1
PTMP C-series versions prior to 2.5.4.1
A5x versions prior to 2.5.4.1
Description
The issue is related to a deserialization function that does not validate or check the data, allowing arbitrary classes to be created. This could potentially lead to exploitation.
Recommendations
For MMP versions prior to 1.0.3, update to version 1.0.3 or later.
For PTP C-series versions prior to 2.8.6.1, update to version 2.8.6.1 or later.
For PTMP C-series versions prior to 2.5.4.1, update to version 2.5.4.1 or later.
For A5x versions prior to 2.5.4.1, update to version 2.5.4.1 or later.
Fix
Deserialization of Untrusted Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
A5X
Mmp
Ptmp C-Series