Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to upload JSON objects that are deserialized to JAVA objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this vulnerability by sending a crafted serialized Java object. An exploit could allow the attacker to execute arbitrary code on the device with root privileges.
CVSS Information
N/A
Vulnerability Type
可信数据的反序列化
Vulnerability Title
Siemens SINEC NMS 代码问题漏洞
Vulnerability Description
Siemens SINEC NMS是德国西门子(Siemens)公司的 一个网络管理系统 (NMS),该系统可用于全天候集中监控、管理和配置具有数万台设备的工业网络,包括与安全相关的领域。 SINEC NMS 1.0 SP2 Update 1之前版本存在代码问题漏洞,该漏洞源于受影响的系统允许将JSON对象反序列化为JAVA对象。具有特权的攻击者可利用该漏洞通过发送精心制作的序列化Java对象来利用该漏洞。
CVSS Information
N/A
Vulnerability Type
N/A