CVE-2018-7891

HIGH

Milestone XProtect <12.1a - Remote Code Execution

Title source: llm

Description

The Milestone XProtect Video Management Software (Corporate, Expert, Professional+, Express+, Essential+) 2016 R1 (10.0.a) to 2018 R1 (12.1a) contains .NET Remoting endpoints that are vulnerable to deserialization attacks resulting in remote code execution.

References (3)

Scores

CVSS v3 8.1
EPSS 0.0268
EPSS Percentile 85.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-502
Status published

Affected Products (6)

milestonesys/xprotect < 12.1a
milestonesys/xprotect < 12.1a
milestonesys/xprotect < 12.1a
milestonesys/xprotect < 12.1a
milestonesys/xprotect < 12.1a
siemens/siveillance_vms < 10.0a

Timeline

Published Apr 30, 2018
Tracked Since Feb 18, 2026