CVE-2019-19810 — CRITICAL (10.0)

Vulnerability Description

Zoom Call Recording 6.3.1 from Eleveo is vulnerable to Java Deserialization attacks targeting the inbuilt RMI service. A remote unauthenticated attacker can exploit this vulnerability by sending crafted RMI requests to execute arbitrary code on the target host.

CVSS Score

10.0

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Eleveo	Call Recording	6.3.1

Related Weaknesses (CWE)

CWE-502

References

https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-19810-Java%20RExploitThird Party Advisory
https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-19810-Java%20RExploitThird Party Advisory

FAQ

What is CVE-2019-19810?

CVE-2019-19810 is a vulnerability with a CVSS score of 10.0 (CRITICAL). Zoom Call Recording 6.3.1 from Eleveo is vulnerable to Java Deserialization attacks targeting the inbuilt RMI service. A remote unauthenticated attacker can exploit this vulnerability by sending craft...

How severe is CVE-2019-19810?

CVE-2019-19810 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2019-19810?

Check the references section above for vendor advisories and patch information. Affected products include: Eleveo Call Recording.