Lucene search
RgodZDI-18-550HistoryJun 06, 2018 - 12:00 a.m.
GE MDS PulseNET Pooled Invoker Deserialization Of Untrusted Data Remote Code Execution Vulnerability
2018-06-0600:00:00
rgod
www.zerodayinitiative.com
14
EPSS
0.04
Percentile
92.1%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GE MDS PulseNET. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of data from a Java RMI Pooled Invoker port. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code under the context of the service.
Related
cve
cve
CVE-2018-10611
2018-06-04 14:29:00
zdi
zdi
cvelist
cvelist
CVE-2018-10611
2018-06-04 14:00:00
nvd
nvd
CVE-2018-10611
2018-06-04 14:29:00
checkpoint_advisories
checkpoint_advisories
GE MDS PulseNET Insecure Deserialization (CVE-2018-10611)
2019-02-17 00:00:00
prion
prion
Remote code execution
2018-06-04 14:29:00
ics
ics
GE MDS PulseNET and MDS PulseNET Enterprise
2018-05-31 12:00:00