Unauthenticated Remote Code Execution Vulnerability
This document explains the Java deserialization vulnerability reported by Offensive Security Group Security Advisory, which allows:
- Unauthenticated execution of arbitrary code on the server where Firewall Analyzer is installed.
What was the Problem?
- Arbitrary code can be executed without authentication on the server where Firewall Analyzer is installed. This allows users to execute payloads.
How do I fix it?
This was identified and fixed on 11-December-2018. To apply the fix, follow the steps below:
- Go to https://www.manageengine.com/products/firewall/service-packs.html
- Find build 123231 or a higher version, which contains the fix. Download the PPM and update.