7.5

CVE-2017-15290

Mirasys Video Management System (VMS) 6.x before 6.4.6, 7.x before 7.5.15, and 8.x before 8.1.1 has a login process in which cleartext data is sent from a server to a client, and not all of this data is required for the client functionality.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MirasysVideo Management System Version6.2.5
MirasysVideo Management System Version7.0.1
MirasysVideo Management System Version7.3.1
MirasysVideo Management System Version7.3.3
MirasysVideo Management System Version7.5.2
MirasysVideo Management System Version7.5.3
MirasysVideo Management System Version7.5.7
MirasysVideo Management System Version7.5.11
MirasysVideo Management System Version8.0.0
MirasysVideo Management System Version8.1.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.75% 0.501
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

https://ipvm.com/forums/video-surveillance/topics/mirasys-happy-with-bad-security-unless-hit-with-bad-press
Third Party Advisory
https://www.dropbox.com/s/un43q74ie55wtpe/mirasys-vms-leak-2017.zip?dl=1
Third Party Advisory