Lucene search

[email protected]NVD:CVE-2017-9966

HistoryJan 02, 2018 - 3:29 a.m.

CVE-2017-9966

2018-01-0203:29:00

[email protected]

web.nvd.nist.gov

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:S/C:C/I:C/A:C

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

61.3%

JSON

A privilege escalation vulnerability exists in Schneider Electric’s Pelco VideoXpert Enterprise versions 2.0 and prior. By replacing certain files, an unauthorized user can obtain system privileges and the inserted code would execute at an elevated privilege level.

Affected configurations

Nvd

Node

schneider-electricpelco_videoxpertRange<2.1enterprise

VendorProductVersionCPE
schneider-electricpelco_videoxpert*cpe:2.3:a:schneider-electric:pelco_videoxpert:*:*:*:*:enterprise:*:*:*

Vendor	Product	Version	CPE
schneider-electric	pelco_videoxpert	*	cpe:2.3:a:schneider-electric:pelco_videoxpert:::::enterprise:::*

References

www.securityfocus.com/bid/102338

ics-cert.us-cert.gov/advisories/ICSA-17-355-02

www.schneider-electric.com/en/download/document/SEVD-2017-339-01/

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:S/C:C/I:C/A:C

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

61.3%

JSON

Related for NVD:CVE-2017-9966

prion1 zeroscience1 cvelist1 cve1 openvas1 ics1