Privilege Escalation via Auto-Update Feature in Mirasys VMS
CVE-2019-11031 · HIGH Severity
AV:N/AC:L/AU:N/C:C/I:C/A:C
Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the auto-update feature of IDVRUpdateService2 in DVRServer.exe. An attacker can upload files with a Setup-Files action, and then execute these files with SYSTEM privileges.
Learn more about our Cis Benchmark Audit For Server Software.