History: Jul 24, 2018 - 3:29 p.m.

CVE-2017-3210

2018-07-24 15:29:00
CWE-16
CWE-276
certcc
web.nvd.nist.gov
30
portrait display sdk
arbitrary code execution
insecure configurations
fujitsu displayview click
hp display assistant
philips smart control premium

CVSS2: 7.2
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3: 7.8
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.6
Confidence: High

EPSS: 0
Percentile: 0.4%

Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. A number of applications developed using the Portrait Displays SDK do not use secure permissions when running. These applications run the component pdiservice.exe with NT AUTHORITY/SYSTEM permissions. This component is also read/writable by all Authenticated Users. This allows local authenticated attackers to run arbitrary code with SYSTEM privileges.

The following applications have been identified by Portrait Displays as affected:

Fujitsu DisplayView Click: Version 6.0 and 6.01. The issue was fixed in Version 6.3.
Fujitsu DisplayView Click Suite: Version 5. The issue is addressed by patch in Version 5.9.
HP Display Assistant: Version 2.1. The issue was fixed in Version 2.11.
HP My Display: Version 2.0. The issue was fixed in Version 2.1.
Philips Smart Control Premium: Versions 2.23, 2.25. The issue was fixed in Version 2.26.

Affected configurations

Nvd

Node
portrait portrait_display_sdk Range 2.30 - 2.34
Node
fujitsu displayview_click Match 6.0
OR
fujitsu displayview_click Match 6.01
OR
fujitsu displayview_click_suite Match 5.0
Node
hp display_assistant Match 2.1
OR
hp my_display Match 2.0
Node
philips smart_control_premium Match 2.23
OR
philips smart_control_premium Match 2.25

Vendor | Product | Version | CPE
portrait | portrait_display_sdk | * | cpe:2.3:a:portrait:portrait_display_sdk:*:*:*:*:*:*:*:*
fujitsu | displayview_click | 6.0 | cpe:2.3:a:fujitsu:displayview_click:6.0:*:*:*:*:*:*:*
fujitsu | displayview_click | 6.01 | cpe:2.3:a:fujitsu:displayview_click:6.01:*:*:*:*:*:*:*
fujitsu | displayview_click_suite | 5.0 | cpe:2.3:a:fujitsu:displayview_click_suite:5.0:*:*:*:*:*:*:*
hp | display_assistant | 2.1 | cpe:2.3:a:hp:display_assistant:2.1:*:*:*:*:*:*:*
hp | my_display | 2.0 | cpe:2.3:a:hp:my_display:2.0:*:*:*:*:*:*:*
philips | smart_control_premium | 2.23 | cpe:2.3:a:philips:smart_control_premium:2.23:*:*:*:*:*:*:*
philips | smart_control_premium | 2.25 | cpe:2.3:a:philips:smart_control_premium:2.25:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "SDK",
    "vendor": "Portrait Display",
    "versions": [
      {
        "lessThan": "2.34*",
        "status": "affected",
        "version": "2.30",
        "versionType": "custom"
      }
    ]
  }
]
