Lucene search

MitreCVE-2019-11031

HistoryAug 22, 2019 - 3:15 p.m.

CVE-2019-11031

2019-08-2215:15:12

CWE-434

mitre

web.nvd.nist.gov

mirasys

vms

cve-2019-11031

idvrupdateservice2

dvrserver.exe

auto-update

security vulnerability

system privileges

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.002

Percentile

57.1%

JSON

Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the auto-update feature of IDVRUpdateService2 in DVRServer.exe. An attacker can upload files with a Setup-Files action, and then execute these files with SYSTEM privileges.

Affected configurations

Nvd

Node

mirasysmirasys_vmsRange<7.6.1

mirasysmirasys_vmsRange8.0.0–8.3.2

VendorProductVersionCPE
mirasysmirasys_vms*cpe:2.3:a:mirasys:mirasys_vms:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mirasys	mirasys_vms	*	cpe:2.3:a:mirasys:mirasys_vms::::::::

References

www.kyberturvallisuuskeskus.fi/en/vulnerabilities-mirasys-vms-video-management-solution

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.002

Percentile

57.1%

JSON

Related for CVE-2019-11031