An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. It stores SMS messages in .NET serialized format on the filesystem. By generating (and writing to the disk) malicious .NET serialized files, an attacker can trick the product into deserializing them, resulting in arbitrary code execution.
References
Link | Resource |
---|---|
http://www.ozeki.hu/index.php?owpn=231 | Vendor Advisory |
https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-14030-RCE%20via%20.NET%20Deserialization-Ozeki%20SMS%20Gateway | Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-09-29T13:08:12
Updated: 2020-09-29T13:08:12
Reserved: 2020-06-11T00:00:00
Link: CVE-2020-14030
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-09-30T18:15:21.537
Modified: 2020-10-09T18:42:18.283
Link: CVE-2020-14030
JSON object: View
Redhat Information
No data.
CWE