CVE-2019-11030

Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 22/08/2019 Updated: 24/08/2020

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Mirasys.Common.Utils.Security.DataCrypt method in Common.dll in AuditTrailService in SMServer.exe. This method triggers insecure deserialization within the .NET garbage collector, in which a gadget (contained in a serialized object) may be executed with SYSTEM privileges. The attacker must properly encrypt the object; however, the hardcoded keys are available.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mirasys mirasys vms

CWE-798 CWE-502 https://www.kyberturvallisuuskeskus.fi/en/vulnerabilities-mirasys-vms-video-management-solution https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-11030

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect