← Retour aux CVEs
CVE-2019-11029
N/ADescription
Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Download() method of AutoUpdateService in SMServer.exe, leading to Directory Traversal. An attacker could use ..\ with this method to iterate over lists of interesting system files and download them without previous authentication. This includes SAM-database backups, Web.config files, etc. and might cause a serious impact on confidentiality.
Details CVE
Score CVSS v3.1N/A
Publie8/22/2019
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0
Produits affectes
mirasys:mirasys_vms
Faiblesses (CWE)
CWE-22
References
https://www.kyberturvallisuuskeskus.fi/en/vulnerabilities-mirasys-vms-video-management-solution(cve@mitre.org)
https://www.kyberturvallisuuskeskus.fi/en/vulnerabilities-mirasys-vms-video-management-solution(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.