CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-19810

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0520%
EPSS Percentile16.84th
Published2021年10月28日
Last Modified2024年11月21日

Vulnerability Description

Zoom Call Recording 6.3.1 from Eleveo is vulnerable to Java Deserialization attacks targeting the inbuilt RMI service. A remote unauthenticated attacker can exploit this vulnerability by sending crafted RMI requests to execute arbitrary code on the target host.

Affected Platforms (CPE)

📦
Eleveo

Call Recording

= 6.3.1

References & Advisories

🔗 https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-19810-Java%20RMI%20Deserialization-ZoomCallRecording
🔗 https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-19810-Java%20RMI%20Deserialization-ZoomCallRecording

関連する脆弱性情報

CVE-2017-84089.8

An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the...

CVE-2017-84049.8

An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the...

CVE-2021-433009.8

Stack overflow in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause a buffer over...

CVE-2017-91039.8

An issue was discovered in adns before 1.5.2. pap_mailbox822 does not properly check st from adns__findlabel_next. Without this, a...