Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name	APP:MISC:GE-MDS-PULSENET-ID
Severity	Major
Recommended	Yes
Recommended Action	Drop
Category	APP
Keywords	GE MDS PulseNET Remote Invocation Insecure Deserialization
Release Date	2018/06/14
Update Number	3074
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

APP: GE MDS PulseNET Remote Invocation Insecure Deserialization

This signature detects attempts to exploit a known vulnerability in GE MDS PulseNET and PulseNET Enterprise. Successful exploitation can result in arbitrary code execution in the context of the user running PulseNET.

Extended Description

Java remote method invocation (RMI) input port in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior may be exploited to allow unauthenticated users to launch applications and support remote code execution through web services.

Affected Products

Ge mds_pulsenet 3.2.1

References

BugTraq: 104377
CVE: CVE-2018-10611

Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

APP: GE MDS PulseNET Remote Invocation Insecure Deserialization

Extended Description

Affected Products

References