CVE-2019-18338

Name of the Vulnerable Software and Affected Versions Control Center Server (CCS) versions prior to V1.5.0 SiNVR 3 Central Control Server (CCS) (all versions) SiNVR 3 Video Server (all versions)

Description A directory traversal vulnerability has been identified in the XML-based communication protocol of the Control Center Server (CCS), which is provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker with network access to the CCS server could exploit this vulnerability to list arbitrary directories or read files outside of the CCS application context.

Recommendations For Control Center Server (CCS) versions prior to V1.5.0, update to version V1.5.0 or later to resolve the issue. For SiNVR 3 Central Control Server (CCS) and SiNVR 3 Video Server, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to ports 5444/tcp and 5440/tcp to minimize the risk of exploitation.