CVE-2017-15290 Information

Description

Mirasys Video Management System (VMS) 6.x before 6.4.6 7.x before 7.5.15 and 8.x before 8.1.1 has a login process in which cleartext data is sent from a server to a client and not all of this data is required for the client functionality.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

https://ipvm.com/forums/video-surveillance/topics/mirasys-happy-with-bad-security-unless-hit-with-bad-press https://www.dropbox.com/s/un43q74ie55wtpe/mirasys-vms-leak-2017.zip?dl=1

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

7.5