CVE-2017-10932
Last modified
CVE-2017-10932 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. All versions prior to V12.17.20 of the ZTE Microwave NR8000 series products - NR8120, NR8120A, NR8120, NR8150, NR8250, NR8000 TR and NR8950 are the applications of C/S architecture using the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a crafted RMI request to execute arbitrary code on the target host.. EPSS estimates a 4.14% chance of exploitation in the next 30 days.
Description
All versions prior to V12.17.20 of the ZTE Microwave NR8000 series products - NR8120, NR8120A, NR8120, NR8150, NR8250, NR8000 TR and NR8950 are the applications of C/S architecture using the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a crafted RMI request to execute arbitrary code on the target host.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Zte | Nr8120 Firmware | < 12.17.20 |
| Zte | Nr8120a Firmware | < 12.17.20 |
| Zte | Nr8150 Firmware | < 12.17.20 |
| Zte | Nr8250 Firmware | < 12.17.20 |
| Zte | Nr8000tr Firmware | < 12.17.20 |
| Zte | Nr8950 Firmware | < 12.17.20 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-10932?
How severe is CVE-2017-10932?
How do I fix CVE-2017-10932?
Are you affected by CVE-2017-10932?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST