References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

CWE-1394

CWE-311

Milestone Systems has discovered a
security vulnerability in Milestone XProtect installer that resets system
configuration password after the upgrading from older versions using specific
installers.



The system configuration
password is an additional, optional protection that is enabled on the
Management Server.


To mitigate the issue, we highly recommend updating system configuration password via GUI with a standard procedure.



Any system upgraded with
2024 R1 or 2024 R2 release installer is vulnerable to this issue.



Systems upgraded from 2023
R3 or older with version 2025 R1 and newer are not affected.

AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L

CWE-311

https://supportcommunity.milestonesys.com/KBRedir?art=000069835&lang=en_US