← Retour aux CVEs
CVE-2019-11030
N/ADescription
Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Mirasys.Common.Utils.Security.DataCrypt method in Common.dll in AuditTrailService in SMServer.exe. This method triggers insecure deserialization within the .NET garbage collector, in which a gadget (contained in a serialized object) may be executed with SYSTEM privileges. The attacker must properly encrypt the object; however, the hardcoded keys are available.
Details CVE
Score CVSS v3.1N/A
Publie8/22/2019
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0
Produits affectes
mirasys:mirasys_vms
Faiblesses (CWE)
CWE-502CWE-798
References
https://www.kyberturvallisuuskeskus.fi/en/vulnerabilities-mirasys-vms-video-management-solution(cve@mitre.org)
https://www.kyberturvallisuuskeskus.fi/en/vulnerabilities-mirasys-vms-video-management-solution(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.