The Milestone XProtect Video Management Software (Corporate, Expert, Professional+, Express+, Essential+) 2016 R1 (10.0.a) to 2018 R1 (12.1a) contains .NET Remoting endpoints that are vulnerable to deserialization attacks resulting in remote code execution.
2018-04-30T15:29:00.287
2024-11-21T04:12:56.057
Modified
CVSSv3.0: 8.1 (HIGH)
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.6
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | milestonesys | xprotect | ≤ 12.1a | Yes |
| Application | milestonesys | xprotect | ≤ 12.1a | Yes |
| Application | milestonesys | xprotect | ≤ 12.1a | Yes |
| Application | milestonesys | xprotect | ≤ 12.1a | Yes |
| Application | milestonesys | xprotect | ≤ 12.1a | Yes |
| Application | siemens | siveillance_vms | < 10.0a | Yes |
| Application | siemens | siveillance_vms | < 10.1a | Yes |
| Application | siemens | siveillance_vms | < 10.2b | Yes |
| Application | siemens | siveillance_vms | < 11.1a | Yes |
| Application | siemens | siveillance_vms | < 11.2a | Yes |
| Application | siemens | siveillance_vms | < 12.1a | Yes |