ID CVE-2017-15290
Summary Mirasys Video Management System (VMS) 6.x before 6.4.6, 7.x before 7.5.15, and 8.x before 8.1.1 has a login process in which cleartext data is sent from a server to a client, and not all of this data is required for the client functionality.
References
Vulnerable Configurations
  • cpe:2.3:a:mirasys:video_management_system:6.2.5
    cpe:2.3:a:mirasys:video_management_system:6.2.5
  • cpe:2.3:a:mirasys:video_management_system:7.0.1
    cpe:2.3:a:mirasys:video_management_system:7.0.1
  • cpe:2.3:a:mirasys:video_management_system:7.3.1
    cpe:2.3:a:mirasys:video_management_system:7.3.1
  • cpe:2.3:a:mirasys:video_management_system:7.3.3
    cpe:2.3:a:mirasys:video_management_system:7.3.3
  • cpe:2.3:a:mirasys:video_management_system:7.5.2
    cpe:2.3:a:mirasys:video_management_system:7.5.2
  • cpe:2.3:a:mirasys:video_management_system:7.5.3
    cpe:2.3:a:mirasys:video_management_system:7.5.3
  • cpe:2.3:a:mirasys:video_management_system:7.5.7
    cpe:2.3:a:mirasys:video_management_system:7.5.7
  • cpe:2.3:a:mirasys:video_management_system:7.5.11
    cpe:2.3:a:mirasys:video_management_system:7.5.11
  • cpe:2.3:a:mirasys:video_management_system:8.0.0
    cpe:2.3:a:mirasys:video_management_system:8.0.0
  • cpe:2.3:a:mirasys:video_management_system:8.1.0
    cpe:2.3:a:mirasys:video_management_system:8.1.0
CVSS
Base: 5.0
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
refmap via4
misc
Last major update 12-10-2017 - 12:29
Published 12-10-2017 - 12:29
Last modified 03-11-2017 - 12:34
Back to Top