Vulnerability identifier: #VU9699
Vulnerability risk: Medium
CVSSv3.1: 7.4 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-284
Exploitation vector: Network
Exploit availability: No
Vulnerable software: Pelco VideoXpert Enterprise (Hardware solutions / Firmware)
Vendor: Schneider Electric
Description
The vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.
The weakness exists due to improper access control. By replacing certain files, a remote attacker can obtain system privileges and execute the inserted code at an elevated privilege level.
Successful exploitation of the vulnerability may result in system compromise.
Mitigation
Update to version 2.1.
Vulnerable software versions
Pelco VideoXpert Enterprise: All versions
External links
http://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Id=864264...
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.