Vulnerabilities > CVE-2018-7891 - Deserialization of Untrusted Data vulnerability in multiple products
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
The Milestone XProtect Video Management Software (Corporate, Expert, Professional+, Express+, Essential+) 2016 R1 (10.0.a) to 2018 R1 (12.1a) contains .NET Remoting endpoints that are vulnerable to deserialization attacks resulting in remote code execution.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 10 | |
Application | 6 |
Common Weakness Enumeration (CWE)
References
- http://www.securityfocus.com/bid/104120
- http://www.securityfocus.com/bid/104120
- https://cert-portal.siemens.com/productcert/pdf/ssa-457058.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-457058.pdf
- https://supportcommunity.milestonesys.com/s/article/XProtect-VMS-NET-security-vulnerability-hotfixes-for-2016-R1-2018-R1?language=en_US
- https://supportcommunity.milestonesys.com/s/article/XProtect-VMS-NET-security-vulnerability-hotfixes-for-2016-R1-2018-R1?language=en_US