Vulnerability Details CVE-2019-11031
Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the auto-update feature of IDVRUpdateService2 in DVRServer.exe. An attacker can upload files with a Setup-Files action, and then execute these files with SYSTEM privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 63.3%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
Products affected by CVE-2019-11031
-
cpe:2.3:a:mirasys:mirasys_vms:7.6.0
-
cpe:2.3:a:mirasys:mirasys_vms:8.0.0
-
cpe:2.3:a:mirasys:mirasys_vms:8.3.1