CVE-2018-7891

The Milestone XProtect Video Management Software (Corporate, Expert, Professional+, Express+, Essential+) 2016 R1 (10.0.a) to 2018 R1 (12.1a) contains .NET Remoting endpoints that are vulnerable to deserialization attacks resulting in remote code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
VendorProductVersion
milestonesysxprotect
10.0.a ≤
𝑥
≤ 12.1a
milestonesysxprotect
10.0.a ≤
𝑥
≤ 12.1a
milestonesysxprotect
10.0.a ≤
𝑥
≤ 12.1a
milestonesysxprotect
10.0.a ≤
𝑥
≤ 12.1a
milestonesysxprotect
10.0.a ≤
𝑥
≤ 12.1a
siemenssiveillance_vms
𝑥
< 10.0a
siemenssiveillance_vms
𝑥
< 10.1a
siemenssiveillance_vms
𝑥
< 10.2b
siemenssiveillance_vms
𝑥
< 11.1a
siemenssiveillance_vms
𝑥
< 11.2a
siemenssiveillance_vms
𝑥
< 12.1a
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/104120
https://cert-portal.siemens.com/productcert/pdf/ssa-457058.pdf
https://supportcommunity.milestonesys.com/s/article/XProtect-VMS-NET-security-vulnerability-hotfixes-for-2016-R1-2018-R1?language=en_US
http://www.securityfocus.com/bid/104120
https://cert-portal.siemens.com/productcert/pdf/ssa-457058.pdf
https://supportcommunity.milestonesys.com/s/article/XProtect-VMS-NET-security-vulnerability-hotfixes-for-2016-R1-2018-R1?language=en_US