Vulnerabilities > CVE-2018-7891 - Deserialization of Untrusted Data vulnerability in multiple products

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

high complexity

milestonesys

siemens

CWE-502

NVD

Published: 2018-04-30

Updated: 2018-06-13

Summary

The Milestone XProtect Video Management Software (Corporate, Expert, Professional+, Express+, Essential+) 2016 R1 (10.0.a) to 2018 R1 (12.1a) contains .NET Remoting endpoints that are vulnerable to deserialization attacks resulting in remote code execution.

Vulnerable Configurations

Part	Description	Count
Application	Milestonesys Milestonesys Xprotect 10.0.A Milestonesys Xprotect 12.1A	10
Application	Siemens Siemens Siveillance VMS * Siemens Siveillance VMS 10.0A Siemens Siveillance VMS 10.1A Siemens Siveillance VMS 10.2B Siemens Siveillance VMS 11.1A Siemens Siveillance VMS 11.2A	6

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References