The Recording Server, Management Server and Management Client in XProtect® (Corporate, Expert, Professional+, Express+, Essential+) use a .NET Framework Remoting deserialization level that is exploitable. Elevation of privilege and/or denial of service are possible if the affected ports are exposed.
Systems running an XProtect version older than 2016 R1 must upgrade to the 2016 R1 product version (or later) and apply the relevant patch to mitigate this vulnerability.
List of affected ports:
8966 - Recording Server tray controller (local connection only).
9993 - Management Server service (Recording Server services).
6473 - Management Server tray controller (local connection only).
7474 - Recording Server service (Windows SNMP service).
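The following PowerShell check is an added example, not part of the advisory or of Milestone's own tooling: on a Windows host running XProtect it lists which of the four ports above are listening, which address they are bound to, and which enabled inbound firewall rules open them. It assumes Windows 8 / Server 2012 or later (NetTCPIP and NetSecurity modules) and an elevated session; the function and variable names are the example's own.

```powershell
# Added example: inventory the four XProtect ports named in the advisory.
# 8966 and 6473 are documented as local-connection-only, so a listener on those
# bound to 0.0.0.0 or :: is a misconfiguration that widens the attack surface.
$affected = @{
    8966 = @{ Role = 'Recording Server tray controller';  LocalOnly = $true  }
    9993 = @{ Role = 'Management Server service';         LocalOnly = $false }
    6473 = @{ Role = 'Management Server tray controller'; LocalOnly = $true  }
    7474 = @{ Role = 'Recording Server service (SNMP)';   LocalOnly = $false }
}

function Test-XProtectPortExposure {
    $listeners = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue
    foreach ($port in ($affected.Keys | Sort-Object)) {
        $info  = $affected[$port]
        $bound = $listeners | Where-Object LocalPort -eq $port
        if (-not $bound) {
            [pscustomobject]@{ Port = $port; Role = $info.Role; Bound = '-'; Finding = 'not listening' }
            continue
        }
        foreach ($l in $bound) {
            $loopback = $l.LocalAddress -in @('127.0.0.1', '::1')
            $proc     = (Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue).ProcessName
            $finding  = if ($info.LocalOnly -and -not $loopback) {
                'EXPOSED: local-only port bound to a non-loopback address'
            } elseif (-not $loopback) {
                'network-reachable: confirm the KB 4420 hotfix is applied and restrict peers by firewall'
            } else { 'loopback only' }
            [pscustomobject]@{ Port = $port; Role = $info.Role; Bound = "$($l.LocalAddress) ($proc)"; Finding = $finding }
        }
    }
}

function Get-XProtectPortFirewallRule {
    # Enabled inbound Allow rules whose port filter covers any of the affected ports.
    $ports = $affected.Keys | ForEach-Object { "$_" }
    Get-NetFirewallPortFilter -Protocol TCP |
        Where-Object { @($_.LocalPort) | Where-Object { $_ -in $ports } } |
        Get-NetFirewallRule |
        Where-Object { $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' -and $_.Direction -eq 'Inbound' } |
        Select-Object DisplayName, Profile
}

Test-XProtectPortExposure      | Format-Table -AutoSize
Get-XProtectPortFirewallRule   | Format-Table -AutoSize
```

Run it on each Recording Server and Management Server host after patching; any row flagged EXPOSED, or a network-reachable port on an unpatched build, should be remediated before the host is considered compliant with this advisory.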
Patches mitigating this vulnerability are available — please see Knowledge Base article 4420 for more information: “XProtect VMS: .NET security vulnerability (hotfixes for 2016 R1 - 2018 R1).”
Information about the ports used by XProtect C-code VMS products can be found in the XProtect Admin Guide and in Knowledge Base article 1960.
Note: Please refer to the HUB Hardening Guide for further details on VMS security. (The most recent version of the Hardening Guide can be located in the Documents section of our website.)