CVE-2024-3506
7.3
CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L
Summary
A possible buffer overflow in selected cameras' drivers from XProtect Device Pack can allow an attacker with access to internal network to execute commands on Recording Server under strict conditions.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Milestone Systems | XProtect VMS | 0 <= 13.1a | affected |
Weaknesses
- CWE-120: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Workarounds
If, for any reason, patching is not possible, you should proceed with caution when adding new cameras and scan only IPs which are confirmed to be valid and trusted devices.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.