CVE-2019-19296

Name of the Vulnerable Software and Affected Versions SiNVR/SiVMS Video Server versions prior to V5.0.0

Description A path traversal vulnerability has been identified in the FTP services of the SiVMS/SiNVR Video Server. This vulnerability could allow an authenticated remote attacker to access and download arbitrary files from the server if the FTP services are enabled. The issue is related to incorrect restriction of the directory path name with limited access. Exploitation of the vulnerability may allow a remote attacker to access protected information.

Recommendations For versions prior to V5.0.0, update to version V5.0.0 or later to resolve the issue. As a temporary workaround, consider disabling the FTP services on the default ports 21/tcp and 5411/tcp until a patch is available. Restrict access to the FTP services to minimize the risk of exploitation.