CVE-2017-9830

CRITICAL

Code42 CrashPlan <5.4 - RCE

Title source: llm

Description

Remote Code Execution is possible in Code42 CrashPlan 5.4.x via the org.apache.commons.ssl.rmi.DateRMI Java class, because (upon instantiation) it creates an RMI server that listens on a TCP port and deserializes objects sent by TCP clients.

Exploits (1)

nomisec WORKING POC 1 stars
by securifera · poc
https://github.com/securifera/CVE-2017-9830

References (1)

Scores

CVSS v3 9.8
EPSS 0.0924
EPSS Percentile 92.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-502
Status draft

Affected Products (1)

code42/crashplan

Timeline

Published Jun 27, 2017
Tracked Since Feb 18, 2026