PT-2020-2447 · Sinvr · Sinvr 3 Video Server+2

Published: 2020-03-10 · Updated: 2024-01-09 · CVE-2019-19295

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Control Center Server (CCS) versions prior to V1.5.0
SiNVR 3 Central Control Server (all versions)
SiNVR 3 Video Server (all versions)

Description

A vulnerability has been identified in the Control Center Server (CCS) and SiNVR 3 Central Control Server, related to errors in the XML-based communication protocol. This vulnerability allows an authenticated remote attacker to perform covert actions that are not visible in the application log, as the server does not enforce logging of security-relevant activities on ports 5444/tcp and 5440/tcp.

Recommendations

For Control Center Server (CCS) versions prior to V1.5.0, update to version V1.5.0 or later to resolve the issue.

For SiNVR 3 Central Control Server and SiNVR 3 Video Server, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to ports 5444/tcp and 5440/tcp to minimize the risk of exploitation.

Weakness Enumeration

Related Identifiers

BDU:2020-02457
CVE-2019-19295

Affected Products

Control Center Server
Sinvr 3 Central Control Server
Sinvr 3 Video Server