CVE-2019-11031

2019-08-2214:52:18

mitre

www.cve.org

AI Score

9.6

Confidence

High

EPSS

0.002

Percentile

57.1%

JSON

Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the auto-update feature of IDVRUpdateService2 in DVRServer.exe. An attacker can upload files with a Setup-Files action, and then execute these files with SYSTEM privileges.

References

www.kyberturvallisuuskeskus.fi/en/vulnerabilities-mirasys-vms-video-management-solution