Executive Risk Summary
"A CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2 allows an unauthenticated remote attacker to steal the session token of an authenticated user and perform Administrator Account Takeover. This vulnerability can be exploited via a malicious cross-origin web page visited by the victim, but only when the system is running in the default Standard security mode."
Anticipated Attack Path
1. Attacker creates a malicious cross-origin web page
2. Victim visits the malicious web page while authenticated to the Nx Witness VMS
3. Attacker steals the session token and performs Administrator Account Takeover
Am I Vulnerable?
- Verify that the installed Nx Witness VMS version is 6.1.2 or later (the version that fixes the CORS misconfiguration)
- Check how the REST API sets Access-Control-Allow-Credentials in its responses; the advisory concerns the default Standard security mode
- Consider setting the security level to High during initial setup, since the vulnerability applies only when the system runs in the default Standard security mode
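The second check above can be scripted. The following is an added example, not code from Network Optix or from the original page: it sends one unauthenticated GET with a foreign Origin header to an endpoint of your own VMS REST API and classifies the CORS response headers. The combination that enables the token theft the advisory describes is the probe origin echoed back in Access-Control-Allow-Origin together with Access-Control-Allow-Credentials: true. The REST API path, the host name and the sample response dictionaries are assumptions or constructed values; the script does not rely on any particular Nx Witness endpoint.

```python
"""Added example: classify a REST API's CORS response headers for the
credentialed-reflection misconfiguration described in the advisory."""
from urllib.request import Request, urlopen
from urllib.error import URLError


def classify_cors(probe_origin: str, headers: dict) -> str:
    """Return a verdict for one probe sent with `Origin: <probe_origin>`.

    Only the probe origin reflected in Access-Control-Allow-Origin together
    with Access-Control-Allow-Credentials: true lets a cross-origin page read
    an authenticated response (and with it a session token).
    """
    # HTTP header names are case-insensitive; normalise once.
    h = {k.lower(): v.strip() for k, v in headers.items()}
    acao = h.get("access-control-allow-origin")
    credentials = h.get("access-control-allow-credentials", "").lower() == "true"
    if acao is None:
        return "no-cors"  # browsers block cross-origin reads entirely
    if acao == "*":
        # Browsers never expose credentialed responses for "*", so this does
        # not leak a session; still worth flagging when credentials=true.
        return "wildcard-with-credentials" if credentials else "wildcard-public"
    if acao == probe_origin:
        return "reflected-with-credentials" if credentials else "reflected-public"
    return "fixed-origin"  # a specific, non-reflected allow-list entry


def is_exposed(verdict: str) -> bool:
    """True only for the combination that enables cross-origin token theft."""
    return verdict == "reflected-with-credentials"


def probe(url: str, probe_origin: str = "https://foreign-origin.example",
          timeout: float = 5.0) -> str:
    """Send one GET carrying a foreign Origin header and classify the reply.

    `url` is any endpoint of the VMS REST API on a system you administer
    (assumed, e.g. "https://<vms-host>:<port>/<rest-path>"). No cookies or
    tokens are sent, so the probe is unauthenticated; the response headers
    alone show whether a credentialed cross-origin read would be allowed.
    """
    req = Request(url, headers={"Origin": probe_origin}, method="GET")
    try:
        with urlopen(req, timeout=timeout) as resp:
            return classify_cors(probe_origin, dict(resp.headers.items()))
    except URLError as exc:
        # HTTPError (4xx/5xx) still carries response headers; other URLErrors do not.
        err_headers = getattr(exc, "headers", None)
        if err_headers is not None:
            return classify_cors(probe_origin, dict(err_headers.items()))
        raise


# Constructed sample responses for offline use; not captured from a real server.
SAMPLE_REFLECTING = {
    "Content-Type": "application/json",
    "Access-Control-Allow-Origin": "https://foreign-origin.example",
    "Access-Control-Allow-Credentials": "true",
}
SAMPLE_STRICT = {
    "Content-Type": "application/json",
    "Access-Control-Allow-Origin": "https://vms.example.internal",
    "Access-Control-Allow-Credentials": "true",
}

if __name__ == "__main__":
    for name, hdrs in (("reflecting", SAMPLE_REFLECTING), ("strict", SAMPLE_STRICT)):
        verdict = classify_cors("https://foreign-origin.example", hdrs)
        print(f"{name}: {verdict} exposed={is_exposed(verdict)}")
```

Run `probe("https://<vms-host>:<port>/<rest-path>")` against your own system before and after upgrading to 6.1.2, and treat any `reflected-with-credentials` verdict as the condition the advisory describes. A `wildcard-with-credentials` result is a configuration defect but not one a browser will honour for credentialed requests.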
Operational Audit Arsenal
Manual Verification Required
Nx Witness VMS is a non-Windows asset (Network Optix), so Windows-based patch inventory will not report it. Confirm the installed version on the asset itself and compare it against the Network Optix vendor advisory for this issue.
Patch Impact Forecast
Minimal, as the update only changes the default Standard security configuration