CVE-2019-19810

Zoom Call Recording 6.3.1 from Eleveo is vulnerable to Java Deserialization attacks targeting the inbuilt RMI service. A remote unauthenticated attacker can exploit this vulnerability by sending crafted RMI requests to execute arbitrary code on the target host.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
VendorProductVersion
eleveocall_recording
6.3.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-19810-Java%20RMI%20Deserialization-ZoomCallRecording
https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-19810-Java%20RMI%20Deserialization-ZoomCallRecording