A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to upload JSON objects that are deserialized to JAVA objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this vulnerability by sending a crafted serialized Java object. An exploit could allow the malicious user to execute arbitrary code on the device with root privileges.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
siemens sinec nms |
||
siemens sinec nms 1.0 |