The Milestone XProtect Video Management Software (Corporate, Expert, Professional+, Express+, Essential+) 2016 R1 (10.0.a) to 2018 R1 (12.1a) contains .NET Remoting endpoints that are vulnerable to deserialization attacks resulting in remote code execution.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-502,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| milestonesys | xprotect | * |
| siemens | siveillance_vms | * |