SB2017122204 - Multiple vulnerabilities in Schneider Electric Pelco VideoXpert Enterprise

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017122204

SB2017122204 - Multiple vulnerabilities in Schneider Electric Pelco VideoXpert Enterprise

Published: December 22, 2017

Security Bulletin ID SB2017122204
Severity
Medium
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 33% Low 67%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Path traversal (CVE-ID: CVE-2017-9964)

The vulnerability allows a remote attacker to perform a directory traversal attack.

The weakness exists due to path traversal. A remote attacker can supply sniffing communications, conduct a directory traversal attack and bypass authentication or hijack an existing user's session.


2) Path traversal (CVE-ID: CVE-2017-9965)

The vulnerability allows a remote attacker to perform a directory traversal attack.

The weakness exists due to path traversal. A remote attacker can supply sniffing communications, conduct a directory traversal attack and view web server files.


3) Privilege escalation (CVE-ID: CVE-2017-9966)

The vulnerability allows a remote authorized  attacker to gain elevated privileges on the target system.

The weakness exists due to improper access control. A remote attacker can replace certain files, obtain system privileges and execute the inserted code at an elevated privilege level.

Successful exploitation of the vulnerability may result in system compromise.


Remediation

Install update from vendor's website.

References