Privilege escalation in Pelco VideoXpert Enterprise - CVE-2017-9966

 

Published: December 22, 2017


Vulnerability identifier: #VU9699
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2017-9966
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Schneider Electric
Affected software:
Pelco VideoXpert Enterprise

Detailed vulnerability description

The vulnerability allows a remote authorized attacker to gain elevated privileges on the target system.

The weakness exists due to improper access control. A remote attacker can replace certain files, obtain system privileges and execute the inserted code at an elevated privilege level.

Successful exploitation of the vulnerability may result in system compromise.


How to mitigate CVE-2017-9966

Update to version 2.1.
