CVE-2019-10940

Name of the Vulnerable Software and Affected Versions SINEMA Server versions prior to V14.0 SP2 Update 1

Description A security issue has been identified that could allow an attacker with a valid session and low privileges to perform administrative operations, such as firmware updates, on connected devices. The issue can be exploited by an attacker with network access to the system, who must have access to a low-privileged account. This could compromise the confidentiality, integrity, and availability of the affected system and its components. At the time of reporting, no public exploitation of this issue was known.

Recommendations For versions prior to V14.0 SP2 Update 1, update to V14.0 SP2 Update 1 or later to resolve the issue. As a temporary workaround, consider restricting access to low-privileged accounts and limiting network access to the affected system to minimize the risk of exploitation.