#VU9699 Privilege escalation in Pelco VideoXpert Enterprise - CVE-2017-9966 

 


Published: December 22, 2017


Vulnerability identifier: #VU9699
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2017-9966
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Pelco VideoXpert Enterprise
Software vendor:
Schneider Electric

Description

The vulnerability allows a remote authorized attacker to gain elevated privileges on the target system.

The weakness exists due to improper access control. A remote attacker can replace certain files, obtain system privileges and execute the inserted code at an elevated privilege level.

Successful exploitation of the vulnerability may result in system compromise.


Remediation

Update to version 2.1.
