Lucene search

K
cve[email protected]CVE-2017-9966
HistoryFeb 12, 2018 - 12:00 a.m.

CVE-2017-9966

2018-02-1200:00:00
web.nvd.nist.gov
21
nvd
cve-2017-9966
schneider electric
pelco videoxpert
privilege escalation
vulnerability

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:S/C:C/I:C/A:C

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

61.3%

A privilege escalation vulnerability exists in Schneider Electric’s Pelco VideoXpert Enterprise versions 2.0 and prior. By replacing certain files, an unauthorized user can obtain system privileges and the inserted code would execute at an elevated privilege level.

Affected configurations

NVD
Node
schneider-electricpelco_videoxpertRange<2.1enterprise

CNA Affected

[
  {
    "product": "Pelco VideoXpert Enterprise",
    "vendor": "Schneider Electric SE",
    "versions": [
      {
        "status": "affected",
        "version": "Versions 2.0 and prior"
      }
    ]
  }
]

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:S/C:C/I:C/A:C

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

61.3%