Lucene search

[email protected]NVD:CVE-2019-19810

HistoryOct 28, 2021 - 11:15 a.m.

CVE-2019-19810

2021-10-2811:15:07

CWE-502

[email protected]

web.nvd.nist.gov

zoom call recording

eleveo

java deserialization

rmi service

vulnerability

remote attacker

arbitrary code

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS

0.007

Percentile

80.2%

JSON

Zoom Call Recording 6.3.1 from Eleveo is vulnerable to Java Deserialization attacks targeting the inbuilt RMI service. A remote unauthenticated attacker can exploit this vulnerability by sending crafted RMI requests to execute arbitrary code on the target host.

Affected configurations

Nvd

Node

eleveocall_recordingMatch6.3.1

VendorProductVersionCPE
eleveocall_recording6.3.1cpe:2.3:a:eleveo:call_recording:6.3.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
eleveo	call_recording	6.3.1	cpe:2.3:a:eleveo:call_recording:6.3.1:::::::*

References

github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-19810-Java%20RMI%20Deserialization-ZoomCallRecording

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS

0.007

Percentile

80.2%

JSON

Related for NVD:CVE-2019-19810

prion1 cve1 cvelist1