In DOXENSE WATCHDOC before 6.1.1.5332, Deserialization of Untrusted Data can lead to remote code execution through the .NET Remoting library in the Watchdoc administration interface.
The vulnerability exploits the .NET Remoting mechanism in the WATCHDOC application's administrative interface. An attacker can send specially crafted malicious serialized data to the vulnerable endpoint. The .NET Remoting library deserializes this data without proper validation, allowing arbitrary code execution in the server's context. The lack of authentication requirement and network attack vector (AV:N, PR:N, UI:N) make the exploit exceptionally easy to perform.
An attacker can gain full control over the server — execute arbitrary code (RCE), access sensitive data, modify system configuration, or completely disable the service. The scope of impact extends beyond the attacked component (S:C), creating a risk of lateral movement in the network.
DOXENSE WATCHDOC must be immediately updated to version 6.1.1.5332 or later. Patches and updates are available at https://update.doxense.com/. Until the patch is deployed, it is recommended to restrict access to the administrative interface only to trusted IP addresses through firewall or network segmentation.
DOXENSE WATCHDOC in all versions prior to 6.1.1.5332
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H