CVE-2019-19810

10.0 CRITICAL

📋 TL;DR

CVE-2019-19810 is a critical Java deserialization vulnerability in Zoom Call Recording 6.3.1 from Eleveo that allows remote unauthenticated attackers to execute arbitrary code via crafted RMI requests. This affects organizations using the vulnerable version of the Zoom Call Recording software. The vulnerability stems from insecure deserialization in the built-in RMI service.

💻 Affected Systems

Products:
  • Zoom Call Recording from Eleveo
Versions: 6.3.1
Operating Systems: Any OS running Java
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability is in the built-in RMI service which is typically enabled by default.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control over the host, installing malware, stealing data, and pivoting to other systems.

🟠 Likely Case

Remote code execution leading to data theft, ransomware deployment, or creation of persistent backdoors.

🟢 If Mitigated

No impact if proper network segmentation and access controls prevent RMI service exposure.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable without authentication, making internet-facing instances extremely vulnerable.
🏢 Internal Only: HIGH - Even internally, any attacker with network access to the RMI service can exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code exists and the attack requires minimal technical skill to execute.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.3.2 or later

Vendor Advisory: https://www.eleveo.com/security-advisory/

Restart Required: Yes

Instructions:

1. Download the latest version from Eleveo.
2. Back up the current configuration.
3. Install the update.
4. Restart the Zoom Call Recording service.

🔧 Temporary Workarounds

Block RMI Ports

Platform: Linux

Block network access to the RMI service ports (typically 1099/tcp and 1098/tcp):

iptables -A INPUT -p tcp --dport 1099 -j DROP
iptables -A INPUT -p tcp --dport 1098 -j DROP

Rules added this way are lost on reboot unless saved with the distribution's iptables persistence mechanism (for example iptables-save).

Disable RMI Service

Platform: all

Configure the application to disable the RMI service if it is not required:

Edit the application configuration to set rmi.enabled=false

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate the vulnerable system from untrusted networks
  • Deploy application-level firewalls or WAF with deserialization attack detection rules

🔍 How to Verify

Check if Vulnerable:

Check if Zoom Call Recording version is 6.3.1 and RMI service is accessible on ports 1099/tcp or 1098/tcp

Check Version:

Check application interface or configuration files for version information

Verify Fix Applied:

Verify version is 6.3.2 or later and test RMI service with deserialization payloads
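The "Check if Vulnerable" and "Verify Fix Applied" steps above, as an added defender-side script that is not part of this advisory: it compares an installed version string against the first fixed release (6.3.2) and reports whether the RMI ports named above (1099/tcp, 1098/tcp) accept a TCP connection. The hostname and version string in the main block are placeholders; the probe only opens and closes a TCP connection and sends no data.

```python
"""Added example (not from the advisory): version and RMI-exposure check."""
import socket
from typing import Iterable, Tuple

FIXED_VERSION = (6, 3, 2)   # first release with the fix, per the advisory
RMI_PORTS = (1099, 1098)    # RMI ports named in the advisory


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '6.3.1' or 'v6.3.1-build7' into a comparable tuple (6, 3, 1)."""
    core = text.strip().lstrip("vV").split("-")[0]
    parts = []
    for piece in core.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        if not digits:
            break
        parts.append(int(digits))
    if not parts:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(parts)


def version_is_patched(text: str) -> bool:
    """True when the installed version is 6.3.2 or later (tuple comparison)."""
    return parse_version(text) >= FIXED_VERSION


def rmi_port_open(host: str, port: int, timeout: float = 2.0) -> bool:
    """TCP connect probe only: reports whether the port accepts connections."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def assess(version: str, open_ports: Iterable[int]) -> str:
    """Combine both checks: PATCHED, VULNERABLE, or UNPATCHED_UNEXPOSED."""
    if version_is_patched(version):
        return "PATCHED"
    exposed = any(p in RMI_PORTS for p in open_ports)
    return "VULNERABLE" if exposed else "UNPATCHED_UNEXPOSED"


if __name__ == "__main__":
    host = "recorder.example.internal"   # placeholder, replace with your host
    reported_version = "6.3.1"           # constructed sample, read from your install
    exposed_ports = [p for p in RMI_PORTS if rmi_port_open(host, p)]
    print(assess(reported_version, exposed_ports), "open RMI ports:", exposed_ports)
```

An unpatched host whose RMI ports are unreachable is reported as UNPATCHED_UNEXPOSED rather than safe, because the workarounds above only reduce exposure until the update to 6.3.2 is applied.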

📡 Detection & Monitoring

Log Indicators:

  • Unusual RMI connection attempts
  • Java deserialization errors in application logs
  • Suspicious process creation

Network Indicators:

  • RMI traffic to ports 1099/tcp or 1098/tcp with unusual payloads
  • Outbound connections from the system after RMI requests

SIEM Query:

source="zoom-call-recording.log" AND ("RMI" OR "deserialization" OR "1099" OR "1098")
