PT-2018-18309 · Milestone · Milestone Xprotect Video Management

Published: 1999-01-01 · Updated: 2018-06-13 · CVE-2018-7891

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Milestone XProtect Video Management Software (Corporate, Expert, Professional+, Express+, Essential+) versions 2016 R1 (10.0.a) through 2018 R1 (12.1a)
Description: The issue concerns .NET Remoting endpoints that are vulnerable to deserialization attacks, which can result in remote code execution.
Recommendations: For versions 2016 R1 (10.0.a) through 2018 R1 (12.1a), consider disabling the .NET Remoting endpoints as a temporary workaround until a patch is available. Restrict access to these endpoints to minimize the risk of exploitation.

Fix

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

CVE-2018-7891
DOTNETREMOTINGCHECK

Affected Products

Milestone Xprotect Video Management