Описание
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. It stores SMS messages in .NET serialized format on the filesystem. By generating (and writing to the disk) malicious .NET serialized files, an attacker can trick the product into deserializing them, resulting in arbitrary code execution.
Ссылки
- Vendor Advisory
- PatchThird Party Advisory
- Vendor Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.17.6 (включая)
cpe:2.3:a:ozeki:ozeki_ng_sms_gateway:*:*:*:*:*:*:*:*
EPSS
Процентиль: 86%
0.03001
Низкий
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-502
Связанные уязвимости
github
больше 3 лет назад
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. It stores SMS messages in .NET serialized format on the filesystem. By generating (and writing to the disk) malicious .NET serialized files, an attacker can trick the product into deserializing them, resulting in arbitrary code execution.
EPSS
Процентиль: 86%
0.03001
Низкий
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-502