Vulnerability Description
The Milestone XProtect Video Management Software (Corporate, Expert, Professional+, Express+, Essential+) 2016 R1 (10.0.a) to 2018 R1 (12.1a) contains .NET Remoting endpoints that are vulnerable to deserialization attacks resulting in remote code execution.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Milestonesys | Xprotect | >= 10.0.a, <= 12.1a |
| Siemens | Siveillance Vms | < 10.0a |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/104120Third Party AdvisoryVDB Entry
- https://cert-portal.siemens.com/productcert/pdf/ssa-457058.pdfMitigationThird Party Advisory
- https://supportcommunity.milestonesys.com/s/article/XProtect-VMS-NET-security-vuVendor Advisory
- http://www.securityfocus.com/bid/104120Third Party AdvisoryVDB Entry
- https://cert-portal.siemens.com/productcert/pdf/ssa-457058.pdfMitigationThird Party Advisory
- https://supportcommunity.milestonesys.com/s/article/XProtect-VMS-NET-security-vuVendor Advisory
FAQ
What is CVE-2018-7891?
CVE-2018-7891 is a vulnerability with a CVSS score of 8.1 (HIGH). The Milestone XProtect Video Management Software (Corporate, Expert, Professional+, Express+, Essential+) 2016 R1 (10.0.a) to 2018 R1 (12.1a) contains .NET Remoting endpoints that are vulnerable to de...
How severe is CVE-2018-7891?
CVE-2018-7891 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-7891?
Check the references section above for vendor advisories and patch information. Affected products include: Milestonesys Xprotect, Siemens Siveillance Vms.