8.1
CVE-2018-7891
- EPSS 3.78%
- Published 30.04.2018 15:29:00
- Last modified 21.11.2024 04:12:56
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
The Milestone XProtect Video Management Software (Corporate, Expert, Professional+, Express+, Essential+) 2016 R1 (10.0.a) to 2018 R1 (12.1a) contains .NET Remoting endpoints that are vulnerable to deserialization attacks resulting in remote code execution.
Data is provided by the National Vulnerability Database (NVD)
Milestonesys ≫ Xprotect SwEditioncorporate Version >= 10.0.a <= 12.1a
Milestonesys ≫ Xprotect SwEditionessential+ Version >= 10.0.a <= 12.1a
Milestonesys ≫ Xprotect SwEditionexpert Version >= 10.0.a <= 12.1a
Milestonesys ≫ Xprotect SwEditionexpress+ Version >= 10.0.a <= 12.1a
Milestonesys ≫ Xprotect SwEditionprofessional+ Version >= 10.0.a <= 12.1a
Siemens ≫ Siveillance Vms Version < 10.0a
Siemens ≫ Siveillance Vms Version < 10.1a
Siemens ≫ Siveillance Vms Version < 10.2b
Siemens ≫ Siveillance Vms Version < 11.1a
Siemens ≫ Siveillance Vms Version < 11.2a
Siemens ≫ Siveillance Vms Version < 12.1a
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.78% | 0.876 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.2 | 5.9 |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.