CVE-2024-12569

Summary

Disclosure of sensitive information in a Milestone XProtect Device Pack driver’s log file for third-party cameras, allows an attacker to read camera credentials stored in the Recording Server under specific conditions.

Affected Software

VendorProductVersion RangeStatus
Milestone SystemsXProtect VMS0 < 13.5aaffected

Weaknesses

  • CWE-532: CWE-532: Insertion of Sensitive Information into Log File

Workarounds

If, for any reason, update is not possible, we recommend monitoring of the log files under ‘%PROGRAMDATA%\XProtect Recording Server\Logs\Drivers’ for exposed credentials.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References