CVE-2018-0125
PUBLISHED
KEV
CVSS 10 CRITICAL
A deserialization flaw was discovered in jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.
EPSS 29.49% · 96.7th percentile
Risk Scores
- CVSS 2.0: 10
- EPSS Score: 29.49% (96.7th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | rv134w_firmware | 1.0, 1.0, 1.0 |
| FasterXML | jackson-databind | *, * |
| n/a | Cisco RV132W and RV134W | Cisco RV132W and RV134W |
| cisco | rv132w_firmware | 1.0, 1.0, 1.0 |
Exploit Intelligence
- CVE-2017-17485:Jackson-databind RCE (github-poc)
- cve-2017-17485 PoC (github-poc)
…and 119 more exploits
Timeline
- Feb 7, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 28, 2021 PoC Published
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- Mar 25, 2022 CISA KEV Added
- Jul 3, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Dec 19, 2022 VulnCheck KEV Exploitation
- Mar 7, 2023 EPSS Score
- May 8, 2023 EPSS Score
References
- 103140 vdb
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-rv13x url
- 1040336 vdb
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-0125 url
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-vpcdi advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-cps advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-ucsc advisory
- https://www-01.ibm.com/support/docview.wss?uid=ibm10870982 advisory
- https://www-01.ibm.com/support/docview.wss?uid=ibm10870976 advisory
- https://www-01.ibm.com/support/docview.wss?uid=ibm10870980 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2018-0125 advisory
- RHSA-2018:1448 vendor-advisory
- 103880 vdb
- RHSA-2018:0479 vendor-advisory
- RHSA-2018:0481 vendor-advisory
- RHSA-2018:1449 vendor-advisory
- RHSA-2018:1450 vendor-advisory
- RHSA-2018:0577 vendor-advisory
- RHSA-2018:0576 vendor-advisory
- RHSA-2017:3190 vendor-advisory
…and 23 more