CVE-2022-43400

Name of the Vulnerable Software and Affected Versions Siveillance Video Mobile Server versions prior to V22.2a (80)

Description A vulnerability has been identified in the mobile server component of Siveillance Video Mobile Server, which improperly handles logins for Active Directory accounts that are part of the Administrators group. This could allow an unauthenticated remote attacker to access the application without a valid account. The issue is related to errors in processing input data for Active Directory accounts, which can be exploited by a remote attacker to gain full access to the software.

Recommendations For versions prior to V22.2a (80), update to version V22.2a (80) or later to resolve the issue. As a temporary workaround, consider restricting access to the mobile server component to minimize the risk of exploitation. Additionally, review and restrict Active Directory accounts that are part of the Administrators group to prevent unauthorized access.