CVE-2018-7891

EUVD-2018-19603
The Milestone XProtect Video Management Software (Corporate, Expert, Professional+, Express+, Essential+) 2016 R1 (10.0.a) to 2018 R1 (12.1a) contains .NET Remoting endpoints that are vulnerable to deserialization attacks resulting in remote code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
Affected Products (NVD)
VendorProductVersion
milestonesysxprotect
10.0.a ≤
𝑥
≤ 12.1a
milestonesysxprotect
10.0.a ≤
𝑥
≤ 12.1a
milestonesysxprotect
10.0.a ≤
𝑥
≤ 12.1a
milestonesysxprotect
10.0.a ≤
𝑥
≤ 12.1a
milestonesysxprotect
10.0.a ≤
𝑥
≤ 12.1a
siemenssiveillance_vms
𝑥
< 10.0a
siemenssiveillance_vms
𝑥
< 10.1a
siemenssiveillance_vms
𝑥
< 10.2b
siemenssiveillance_vms
𝑥
< 11.1a
siemenssiveillance_vms
𝑥
< 11.2a
siemenssiveillance_vms
𝑥
< 12.1a
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/104120
https://cert-portal.siemens.com/productcert/pdf/ssa-457058.pdf
https://supportcommunity.milestonesys.com/s/article/XProtect-VMS-NET-security-vulnerability-hotfixes-for-2016-R1-2018-R1?language=en_US
http://www.securityfocus.com/bid/104120
https://cert-portal.siemens.com/productcert/pdf/ssa-457058.pdf
https://supportcommunity.milestonesys.com/s/article/XProtect-VMS-NET-security-vulnerability-hotfixes-for-2016-R1-2018-R1?language=en_US