Vulnerabilities > CVE-2021-26912 - Deserialization of Untrusted Data vulnerability in Netmotionsoftware Netmotion Mobility 12.0

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

high complexity

netmotionsoftware

CWE-502

NVD

Published: 2021-02-08

Updated: 2021-02-23

Summary

NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in SupportRpcServlet.

Vulnerable Configurations

Part	Description	Count
Application	Netmotionsoftware Netmotionsoftware Netmotion Mobility 12.0 Netmotionsoftware Netmotion Mobility *	2

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

References

https://www.netmotionsoftware.com/security-advisories/security-vulnerability-in-mobility-web-server-november-19-2020
https://ssd-disclosure.com/ssd-advisory-netmotion-mobility-server-multiple-deserialization-of-untrusted-data-lead-to-rce/
https://ssd-disclosure.com/?p=4676