PT-2018-16567 · Siemens · Siveillance VMS Video for iOS and Android

Published: 2018-05-03 · Updated: 2019-10-09 · CVE-2018-4849

CVSS v3.1: 7.4 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Siveillance VMS Video for Android versions prior to V12.1a (2018 R1)
Siveillance VMS Video for iOS versions prior to V12.1a (2018 R1)

Description

A security issue has been identified due to improper certificate validation, which could allow an attacker in a privileged network position to intercept and manipulate the encrypted communication channel between the app and a server. This could be achieved through a Man-in-the-Middle attack, where the attacker generates a certificate with a checksum identical to a trusted certificate. The issue can be exploited without user interaction and affects the confidentiality and integrity of the communication. At the time of reporting, there were no known public exploitations of this issue.

Recommendations

For Siveillance VMS Video for Android versions prior to V12.1a (2018 R1), update to version V12.1a (2018 R1) or later to resolve the security issue.
For Siveillance VMS Video for iOS versions prior to V12.1a (2018 R1), update to version V12.1a (2018 R1) or later to resolve the security issue.

Fix

Improper Certificate Validation

Weakness Enumeration

Related Identifiers

CVE-2018-4849

Affected Products

Siveillance VMS Video for Android
Siveillance VMS Video for iOS