SONY

Network Video Management System

Article number: 000004420
Product: SOW-E 2016-R3, HAW-E 2016-R3, SOW-E 2017-R2, HAW-E 2017-R2
Version: 2
First published: June/30/2018
Last modified: May/20/2019

.NET security vulnerability

Summary

The Recording Server, Management Server and Management Client in Network Video Management System Enterprise Edition use an exploitable .NET Framework Remoting deserialization level. Elevation of Privileges and/or Denial-of-Service are possible if the affected ports are exposed.

Symptoms

N/A

Cause

The Recording Server, Management Server and Management Client in Network Video Management System Enterprise Edition use an exploitable .NET Framework Remoting deserialization level. Elevation of Privileges and/or Denial-of-Service are possible if the affected ports are exposed.

List of affected ports:

  • 8966 - Recording Server tray controller, local connection only.
  • 9993 - Management Server service (Recording Server services).
  • 6473 - Management Server tray controller, local connection only.
  • 7474 - Recording Server Service (Windows SNMP service).

Hotfixes have been released for versions 2016-R3 through 2017-R2.
It is recommended to install the hotfixes if you use any of the affected Network Video Management System products.

Steps to apply the hotfix

Refer to the article for hotfix 000013322.
This hotfix was cumulatively integrated into hotfix 000013322.

Download link

Patch files for this hotfix were cumulatively integrated into the ones for hotfix 000013322.
The hotfix download link is not published. Contact your local dealer for more support.