CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-11030

Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Mirasys.Common.Utils.Security.DataCrypt method in Common.dll in AuditTrailService in SMServer.exe. This method triggers insecure deserialization within the .NET garbage collector, in which a gadget (contained in a serialized object) may be executed with SYSTEM privileges. The attacker must properly encrypt the object; however, the hardcoded keys are available.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 55.7%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 10.0

References

https://www.kyberturvallisuuskeskus.fi/en/vulnerabilities-mirasys-vms-video-management-solution
https://www.kyberturvallisuuskeskus.fi/en/vulnerabilities-mirasys-vms-video-management-solution

Products affected by CVE-2019-11030

Mirasys » Mirasys Vms » Version: 7.6.0

cpe:2.3:a:mirasys:mirasys_vms:7.6.0
Mirasys » Mirasys Vms » Version: 8.0.0

cpe:2.3:a:mirasys:mirasys_vms:8.0.0
Mirasys » Mirasys Vms » Version: 8.3.1

cpe:2.3:a:mirasys:mirasys_vms:8.3.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-11030

Products

Pricing

Contact Us