Deserialization of untrusted data

2018-04-3015:29:00

PRIOn knowledge base

www.prio-n.com

8.3 High

AI Score

Confidence

High

0.056 Low

EPSS

Percentile

93.3%

JSON

The Milestone XProtect Video Management Software (Corporate, Expert, Professional+, Express+, Essential+) 2016 R1 (10.0.a) to 2018 R1 (12.1a) contains .NET Remoting endpoints that are vulnerable to deserialization attacks resulting in remote code execution.

CPENameOperatorVersion
xprotecteq>= 10.0.a AND <= 12.1a
xprotecteq>= 10.0.a AND <= 12.1a
xprotecteq>= 10.0.a AND <= 12.1a
xprotecteq>= 10.0.a AND <= 12.1a
xprotecteq>= 10.0.a AND <= 12.1a
siveillance_vmseq< 10.0a
siveillance_vmseq< 10.1a
siveillance_vmseq< 10.2b
siveillance_vmseq< 11.1a
siveillance_vmseq< 11.2a

Name	Operator	Version
xprotect	eq	>= 10.0.a AND <= 12.1a
xprotect	eq	>= 10.0.a AND <= 12.1a
xprotect	eq	>= 10.0.a AND <= 12.1a
xprotect	eq	>= 10.0.a AND <= 12.1a
xprotect	eq	>= 10.0.a AND <= 12.1a
siveillance_vms	eq	< 10.0a
siveillance_vms	eq	< 10.1a
siveillance_vms	eq	< 10.2b
siveillance_vms	eq	< 11.1a
siveillance_vms	eq	< 11.2a