PT-2020-2443 · Siemens · Control Center Server, SiNVR/SiVMS Video Server

Published 2020-03-10 · Updated 2024-01-09 · CVE-2019-19291

CVSS v2.0: 6.3 (Medium)
Vector: AV:N/AC:M/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Control Center Server (CCS) versions prior to V1.5.0
SiNVR/SiVMS Video Server versions prior to V5.0.0

Description

The FTP services of the SiVMS/SiNVR Video Server and the Control Center Server (CCS) maintain log files that store login credentials in cleartext. In configurations where the FTP service is enabled, an authenticated remote attacker could extract the login credentials of other users of the service. The issue stems from the unencrypted storage of credentials, which could allow a remote attacker to gain unauthorized access to user credentials.

Recommendations

For Control Center Server (CCS) versions prior to V1.5.0, update to version V1.5.0 or later to resolve the issue.
For SiNVR/SiVMS Video Server versions prior to V5.0.0, update to version V5.0.0 or later to resolve the issue.
As a temporary workaround, consider disabling the FTP service on the affected servers until a patch is available.
Restrict access to the log files that store login credentials to minimize the risk of exploitation.
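
A log audit that supports the last recommendation, added here as an example and not taken from Siemens or from this advisory: it finds cleartext FTP `PASS` arguments in a log file, reports them with the secret masked, and flags files that other local accounts can read. The log line format, the function names and the sample lines are assumptions, because the advisory does not describe the real log format.

```python
import os
import re
import stat
import tempfile

# Assumption: the log records raw FTP commands, so a password appears as the
# argument of PASS. The advisory does not describe the real log format.
PASS_RE = re.compile(r"(\bPASS[ \t]+)(.+)", re.IGNORECASE)
MASK = "<redacted>"

def scan_line(line):
    """Return (line with any PASS argument masked, True if a secret was present)."""
    found = False
    def mask(m):
        nonlocal found
        arg = m.group(2).strip()
        if arg not in ("", MASK) and set(arg) != {"*"}:  # already masked: no finding
            found = True
        return m.group(1) + MASK
    return PASS_RE.sub(mask, line), found

def audit_log(path):
    """Report cleartext PASS arguments and POSIX read access for one log file."""
    mode = stat.S_IMODE(os.stat(path).st_mode)  # on Windows, review ACLs instead
    hits = []
    with open(path, "r", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            redacted, found = scan_line(line.rstrip("\r\n"))
            if found:
                hits.append((lineno, redacted))  # report location, never the secret
    return {"mode": oct(mode),
            "readable_by_others": bool(mode & (stat.S_IRGRP | stat.S_IROTH)),
            "cleartext_hits": hits}

def make_sample_log():
    """Write a constructed sample log (not real product output) to a temp file."""
    lines = ["2020-03-10 09:14:02 [ftp] 192.0.2.10 USER operator1",
             "2020-03-10 09:14:02 [ftp] 192.0.2.10 PASS Example Passw0rd",
             "2020-03-10 09:14:03 [ftp] 192.0.2.10 230 Login successful",
             "2020-03-10 09:15:40 [ftp] 192.0.2.11 PASS ********"]
    fd, path = tempfile.mkstemp(suffix=".log")
    with os.fdopen(fd, "w") as fh:
        fh.write("\n".join(lines) + "\n")
    os.chmod(path, 0o644)  # simulate a log that any local account can read
    return path

if __name__ == "__main__":
    sample = make_sample_log()
    print(audit_log(sample))
    os.remove(sample)
```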

Fix

Weakness Enumeration

Cleartext Storage of Sensitive Information

Related Identifiers

BDU:2020-02453
CVE-2019-19291

Affected Products

Control Center Server
SiNVR/SiVMS Video Server