Vulnerabilities > CVE-2020-24639 - Deserialization of Untrusted Data vulnerability in Arubanetworks Airwave Glass

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
arubanetworks
CWE-502
critical

Summary

There is a vulnerability caused by unsafe Java deserialization that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system.

Common Weakness Enumeration (CWE)