Vulnerability Details CVE-2017-15290
Mirasys Video Management System (VMS) 6.x before 6.4.6, 7.x before 7.5.15, and 8.x before 8.1.1 has a login process in which cleartext data is sent from a server to a client, and not all of this data is required for the client functionality.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 35.1%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://ipvm.com/forums/video-surveillance/topics/mirasys-happy-with-bad-security-unless-hit-with-bad-press
- https://www.dropbox.com/s/un43q74ie55wtpe/mirasys-vms-leak-2017.zip?dl=1
- https://ipvm.com/forums/video-surveillance/topics/mirasys-happy-with-bad-security-unless-hit-with-bad-press
- https://www.dropbox.com/s/un43q74ie55wtpe/mirasys-vms-leak-2017.zip?dl=1
Products affected by CVE-2017-15290
-
cpe:2.3:a:mirasys:video_management_system:6.2.5
-
cpe:2.3:a:mirasys:video_management_system:7.0.1
-
cpe:2.3:a:mirasys:video_management_system:7.3.1
-
cpe:2.3:a:mirasys:video_management_system:7.3.3
-
cpe:2.3:a:mirasys:video_management_system:7.5.11
-
cpe:2.3:a:mirasys:video_management_system:7.5.2
-
cpe:2.3:a:mirasys:video_management_system:7.5.3
-
cpe:2.3:a:mirasys:video_management_system:7.5.7
-
cpe:2.3:a:mirasys:video_management_system:8.0.0
-
cpe:2.3:a:mirasys:video_management_system:8.1.0