PT-2019-2666 · Siemens · Siveillance VMS
Published: 2019-06-11 · Updated: 2020-10-16
CVE-2019-6580
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Siveillance VMS versions prior to V11.2a
Siveillance VMS versions prior to V12.1a
Siveillance VMS versions prior to V12.2a
Siveillance VMS versions prior to V12.3a
Siveillance VMS versions prior to V13.1a
Description
The issue is related to inadequate access control in the Siveillance VMS platform, which can be exploited by a remote attacker to modify device settings using a web service. An attacker with network access to port 80/TCP can change device properties without authorization, compromising the confidentiality, integrity, and availability of the targeted system. No user interaction is required for exploitation.
Recommendations
For versions prior to V11.2a, update to version V11.2a or later.
For versions prior to V12.1a, update to version V12.1a or later.
For versions prior to V12.2a, update to version V12.2a or later.
For versions prior to V12.3a, update to version V12.3a or later.
For versions prior to V13.1a, update to version V13.1a or later.
Fix
Improper Authorization
Missing Authorization
Related identifiers
Affected products
Siveillance VMS