CVE-2023-45146

CRITICAL

9.0

Descripcion

XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once deserialized, force it to execute arbitrary code. This can be abused to take control of the machine the server is running by way of remote code execution. This issue has not been fixed.

Detalles CVE

Puntuacion CVSS v3.19.0

SeveridadCRITICAL

Vector CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Vector de ataqueNETWORK

ComplejidadHIGH

Privilegios requeridosNONE

Interaccion usuarioNONE

Publicado10/18/2023

Ultima modificacion11/21/2024

Fuentenvd

Avistamientos honeypot0

Productos afectados

xxl-rpc_project:xxl-rpc

Debilidades (CWE)

CWE-502CWE-502

Referencias

https://securitylab.github.com/advisories/GHSL-2023-052_XXL-RPC/(security-advisories@github.com)

https://securitylab.github.com/advisories/GHSL-2023-052_XXL-RPC/(af854a3a-2127-422b-91ae-364da2661108)

https://www.vicarius.io/vsociety/posts/xxl-rpc-rce-cve-2023-45146(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.