CVE-2019-11030

Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Mirasys.Common.Utils.Security.DataCrypt method in Common.dll in AuditTrailService in SMServer.exe. This method triggers insecure deserialization within the .NET garbage collector, in which a gadget (contained in a serialized object) may be executed with SYSTEM privileges. The attacker must properly encrypt the object; however, the hardcoded keys are available.

MISC: https://www.kyberturvallisuuskeskus.fi/en/vulnerabilities-mirasys-vms-video-management-solution
CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11030

15 years
257 countries
728k users
4744k calculations
Logo www.cctvforum.com
Logo www.systemy-stech.cz
Logo www.use-ip.co.uk
Logo www.elsec.cz
Logo secutek.cz
Logo sectech.co.nz