CVE-2024-3506

Summary

A possible buffer overflow in selected cameras' drivers from XProtect Device Pack can allow an attacker with access to internal network to execute commands on Recording Server under strict conditions.

Affected Software

VendorProductVersion RangeStatus
Milestone SystemsXProtect VMS0 <= 13.1aaffected

Weaknesses

  • CWE-120: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Workarounds

If, for any reason, patching is not possible, you should proceed with caution when adding new cameras and scan only IPs which are confirmed to be valid and trusted devices.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References