Vulnerabilities > CVE-2019-19810 - Deserialization of Untrusted Data vulnerability in Eleveo Call Recording 6.3.1

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
eleveo
CWE-502
critical

Summary

Zoom Call Recording 6.3.1 from Eleveo is vulnerable to Java Deserialization attacks targeting the inbuilt RMI service. A remote unauthenticated attacker can exploit this vulnerability by sending crafted RMI requests to execute arbitrary code on the target host.

Vulnerable Configurations

Part Description Count
Application
Eleveo
1

Common Weakness Enumeration (CWE)