PT-2023-2732 · Unknown · Siveillance Video
Published 2023-05-09 · Updated 2023-05-17 · CVE-2023-30898
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Siveillance Video 2020 R2 versions prior to V20.2 HotfixRev14
Siveillance Video 2020 R3 versions prior to V20.3 HotfixRev12
Siveillance Video 2021 R1 versions prior to V21.1 HotfixRev12
Siveillance Video 2021 R2 versions prior to V21.2 HotfixRev8
Siveillance Video 2022 R1 versions prior to V22.1 HotfixRev7
Siveillance Video 2022 R2 versions prior to V22.2 HotfixRev5
Siveillance Video 2022 R3 versions prior to V22.3 HotfixRev2
Siveillance Video 2023 R1 versions prior to V23.1 HotfixRev1
Description
The issue is related to errors in the data serialization procedure of the Event Server component in the Siveillance VMS platform for video surveillance system management. This could allow a remote attacker to execute arbitrary code on the affected system. The vulnerability is associated with the deserialization of data without sufficient validation, which can be exploited by an authenticated remote attacker.
Recommendations
For Siveillance Video 2020 R2 versions prior to V20.2 HotfixRev14, update to V20.2 HotfixRev14 or later.
For Siveillance Video 2020 R3 versions prior to V20.3 HotfixRev12, update to V20.3 HotfixRev12 or later.
For Siveillance Video 2021 R1 versions prior to V21.1 HotfixRev12, update to V21.1 HotfixRev12 or later.
For Siveillance Video 2021 R2 versions prior to V21.2 HotfixRev8, update to V21.2 HotfixRev8 or later.
For Siveillance Video 2022 R1 versions prior to V22.1 HotfixRev7, update to V22.1 HotfixRev7 or later.
For Siveillance Video 2022 R2 versions prior to V22.2 HotfixRev5, update to V22.2 HotfixRev5 or later.
For Siveillance Video 2022 R3 versions prior to V22.3 HotfixRev2, update to V22.3 HotfixRev2 or later.
For Siveillance Video 2023 R1 versions prior to V23.1 HotfixRev1, update to V23.1 HotfixRev1 or later.
Fix
Deserialization of Untrusted Data
Weakness Enumeration
Related Identifiers
Affected Products
Siveillance Video