CVE-2021-3287

Unauthenticated Remote Code Execution (RCE) vulnerability due to general bypass for the deserialization class.

Vulnerability Details
Impact: CVSS V3 rating 10 (Critical)
Reported on: 21st January 2021
Reported by: Johannes Mortiz, an independent security researcher
Fixed on: 8th February 2020
Affected builds: Build 12.5.219 and below
Fixed in: Builds 125220, 125314 and 125329
Overview: Unauthenticated Remote Code Execution (RCE) vulnerability due to general bypass for the deserialization class
Recommended Fix

→ For builds up to 125219, please upgrade to Firewall Analyzer version 125220 or above.

Description

Unauthenticated Remote Code Execution (RCE) vulnerability due to general bypass for the deserialization class.

We recommend that you upgrade to Firewall Analyzer version 12.5.220 (for builds up to 125219) to fix the issue.

Source and Acknowledgements

Find out more about CVE-2021-3287 from the CVE dictionary.

Need Help?

For clarification or corrections, please contact our support team or email us at fwanalyzer-support@manageengine.com.
