What is CVE-2021-26914?

CVE-2021-26914 is a vulnerability in N/a. Published 2021-02-08.

Is CVE-2021-26914 known to be exploited?

6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2021-26914

NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in MvcUtil valueStringToObject.

EPSS: 0.644 (98.5th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework
ARPSyndicate/cvemon
AdeliaNitzsche/Java-Deserialization-Cheat-Sheet
BrittanyKuhn/javascript-tutorial
GrrrDog/Java-Deserialization-Cheat-Sheet
mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet

References

ssd-disclosure.com/ (x_refsource_MISC)
www.netmotionsoftware.com/security-advisories/security-vulnerability-in-mobilit… (x_refsource_MISC)
ssd-disclosure.com/ssd-advisory-netmotion-mobility-server-multiple-deserializat… (x_refsource_MISC)
packetstormsecurity.com/files/162617/NetMotion-Mobility-Server-MvcUtil-Java-Des… (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-26914?: CVE-2021-26914 is a vulnerability in N/a. Published 2021-02-08.
Is CVE-2021-26914 known to be exploited?: 6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.