Vulnerability Details : CVE-2017-9966
A privilege escalation vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2.0 and prior. By replacing certain files, an unauthorized user can obtain system privileges and the inserted code would execute at an elevated privilege level.
Vulnerability category: Gain privilege
Products affected by CVE-2017-9966
- cpe:2.3:a:schneider-electric:pelco_videoxpert:*:*:*:*:enterprise:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-9966
- 0.28%: probability of exploitation activity in the next 30 days
- ~68%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-9966
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.1 | HIGH | AV:N/AC:H/Au:S/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
7.1 | HIGH | CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H | 1.2 | 5.9 | NIST | |
References for CVE-2017-9966
- https://ics-cert.us-cert.gov/advisories/ICSA-17-355-02
  Schneider Electric Pelco VideoXpert Enterprise | CISA (Patch; Third Party Advisory; US Government Resource)
- http://www.securityfocus.com/bid/102338
  Schneider Electric Pelco VideoXpert Enterprise Directory Traversal And Access Bypass Vulnerabilities (Third Party Advisory; VDB Entry)
- https://www.schneider-electric.com/en/download/document/SEVD-2017-339-01/
  Security Notification - Pelco VideoXpert Enterprise | Schneider Electric