Vulnerability Description
NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in MvcUtil valueStringToObject.
CVSS Score
8.1
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netmotionsoftware | Netmotion Mobility | < 11.73 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/162617/NetMotion-Mobility-Server-MvcUtil-JaExploitThird Party AdvisoryVDB Entry
- https://ssd-disclosure.com/?p=4676ExploitThird Party Advisory
- https://ssd-disclosure.com/ssd-advisory-netmotion-mobility-server-multiple-deserExploitThird Party Advisory
- https://www.netmotionsoftware.com/security-advisories/security-vulnerability-in-Vendor Advisory
- http://packetstormsecurity.com/files/162617/NetMotion-Mobility-Server-MvcUtil-JaExploitThird Party AdvisoryVDB Entry
- https://ssd-disclosure.com/?p=4676ExploitThird Party Advisory
- https://ssd-disclosure.com/ssd-advisory-netmotion-mobility-server-multiple-deserExploitThird Party Advisory
- https://www.netmotionsoftware.com/security-advisories/security-vulnerability-in-Vendor Advisory
FAQ
What is CVE-2021-26914?
CVE-2021-26914 is a vulnerability with a CVSS score of 8.1 (HIGH). NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in MvcUtil valueStringToObject.
How severe is CVE-2021-26914?
CVE-2021-26914 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-26914?
Check the references section above for vendor advisories and patch information. Affected products include: Netmotionsoftware Netmotion Mobility.