CVE-2017-14702 - Deserialization of Untrusted Data vulnerability in Branaghgroup ERS Data System 1.8.1.0

CVSS 9.8 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Tags: network, low complexity, branaghgroup, CWE-502, critical, exploit available

Summary

ERS Data System 1.8.1.0 allows remote attackers to execute arbitrary code, related to "com.branaghgroup.ecers.update.UpdateRequest" object deserialization.

Vulnerable Configurations

Part         Description   Count
Application  Branaghgroup  1

Common Weakness Enumeration (CWE)

Exploit-Db

description: ERS Data System 1.8.1 - Java Deserialization. CVE-2017-14702. Remote exploit for Windows platform
file: exploits/windows/remote/42952.py
id: EDB-ID:42952
last seen: 2017-10-04
modified: 2017-09-21
platform: windows
port:
published: 2017-09-21
reporter: Exploit-DB
source: https://www.exploit-db.com/download/42952/
title: ERS Data System 1.8.1 - Java Deserialization
type: remote

Packetstorm

data source: https://packetstormsecurity.com/files/download/144500/ersdatasystem-deserialize.txt
id: PACKETSTORM:144500
last seen: 2017-10-06
published: 2017-10-03
reporter: West Shepherd
source: https://packetstormsecurity.com/files/144500/ERS-Data-System-1.8.1-Java-Deserialization.html
title: ERS Data System 1.8.1 Java Deserialization