CVE-2017-9966

Опубликовано: 02 янв. 2018

Источник: nvd

CVSS3: 7.1

CVSS2: 7.1

EPSS Низкий

Описание

A privilege escalation vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2.0 and prior. By replacing certain files, an unauthorized user can obtain system privileges and the inserted code would execute at an elevated privilege level.

Ссылки

http://www.securityfocus.com/bid/102338
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-355-02
Patch
Third Party Advisory
US Government Resource
https://www.schneider-electric.com/en/download/document/SEVD-2017-339-01/
http://www.securityfocus.com/bid/102338
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-355-02
Patch
Third Party Advisory
US Government Resource
https://www.schneider-electric.com/en/download/document/SEVD-2017-339-01/

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:schneider-electric:pelco_videoxpert:*:*:*:*:enterprise:*:*:*

Версия до 2.1 (исключая)

EPSS

Процентиль: 67%

0.00529

Низкий

7.1 High

CVSS3

7.1 High

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-5fp8-73jr-79h2

CVSS3: 7.1

github

больше 3 лет назад

EPSS

Процентиль: 67%

0.00529

Низкий

7.1 High

CVSS3

7.1 High

CVSS2

Дефекты

NVD-CWE-noinfo