CVE-2024-3506

Camera Driver possible Buffer Overflow

Description

A possible buffer overflow in selected cameras' drivers from XProtect Device Pack can allow an attacker with access to internal network to execute commands on Recording Server under strict conditions.

Remediation

Solution:

To mitigate the issue, we highly recommend installing the XProtect Device Pack version 13.2a or later which contains the most up to date device drivers.

Workaround:

If, for any reason, patching is not possible, you should proceed with caution when adding new cameras and scan only IPs which are confirmed to be valid and trusted devices.

References

Link	Tags
https://supportcommunity.milestonesys.com/KBRedir?art=000065801&lang=en_US

Frequently Asked Questions

What is the severity of CVE-2024-3506?: CVE-2024-3506 has been scored as a high severity vulnerability.
How to fix CVE-2024-3506?: To fix CVE-2024-3506: To mitigate the issue, we highly recommend installing the XProtect Device Pack version 13.2a or later which contains the most up to date device drivers.
Is CVE-2024-3506 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-3506 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-3506?: CVE-2024-3506 affects Milestone Systems XProtect VMS.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.

Description

Remediation

Category

CWE-120 – Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

References

Frequently Asked Questions