CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
87.4%
The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, and MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch are vulnerable to an unsafe deserialization of untrusted data. An attacker may be able to remotely modify deserialized data without authentication using a specially crafted web request, resulting in remote code execution.
Vendor | Product | Version | CPE |
---|---|---|---|
honeywell | maxpro_nvr_xe | - | cpe:2.3:h:honeywell:maxpro_nvr_xe:-:*:*:*:*:*:*:* |
honeywell | maxpro_nvr_xe_firmware | * | cpe:2.3:o:honeywell:maxpro_nvr_xe_firmware:*:*:*:*:*:*:*:* |
honeywell | maxpro_nvr_se | - | cpe:2.3:h:honeywell:maxpro_nvr_se:-:*:*:*:*:*:*:* |
honeywell | maxpro_nvr_se_firmware | * | cpe:2.3:o:honeywell:maxpro_nvr_se_firmware:*:*:*:*:*:*:*:* |
honeywell | maxpro_nvr_pe | - | cpe:2.3:h:honeywell:maxpro_nvr_pe:-:*:*:*:*:*:*:* |
honeywell | maxpro_nvr_pe_firmware | * | cpe:2.3:o:honeywell:maxpro_nvr_pe_firmware:*:*:*:*:*:*:*:* |
honeywell | mpnvrswxx | - | cpe:2.3:h:honeywell:mpnvrswxx:-:*:*:*:*:*:*:* |
honeywell | mpnvrswxx_firmware | * | cpe:2.3:o:honeywell:mpnvrswxx_firmware:*:*:*:*:*:*:*:* |
honeywell | hnmswvms | - | cpe:2.3:h:honeywell:hnmswvms:-:*:*:*:*:*:*:* |
honeywell | hnmswvms_firmware | * | cpe:2.3:o:honeywell:hnmswvms_firmware:*:*:*:*:*:*:*:* |
[
{
"product": "Honeywell Maxpro VMS & NVR",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch"
}
]
}
]
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
87.4%