CVE-2017-9317

EPSS 0.37%
Veröffentlicht 23.05.2018 15:29:00
Zuletzt bearbeitet 21.11.2024 03:35:49
Quelle cybersecurity@dahuatech.com
CVE-Watchlists
Login
Unerledigt
Login

Privilege escalation vulnerability found in some Dahua IP devices. Attacker in possession of low privilege account can gain access to credential information of high privilege account and further obtain device information or attack the device.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dahuasecurity ≫ Xvr5x16 Firmware Version < 3.218.0000002.1.r.171229

Dahuasecurity ≫ Xvr5x16 Version-

Dahuasecurity ≫ Xvr5x08 Firmware Version < 3.218.0000002.1.r.171229

Dahuasecurity ≫ Xvr5x08 Version-

Dahuasecurity ≫ Xvr5x04 Firmware Version < 3.218.0000002.1.r.171229

Dahuasecurity ≫ Xvr5x04 Version-

Dahuasecurity ≫ Xvr7x16 Firmware Version < 3.218.0000002.1.r.171229

Dahuasecurity ≫ Xvr7x16 Version-

Dahuasecurity ≫ Ipc-hdbw4xxx Firmware Version < 2.622.0000000.18.r.20171110

Dahuasecurity ≫ Ipc-hdbw4xxx Version-

Dahuasecurity ≫ Ipc-hdbw4xxx Firmware Version < 2.621.0000.28.r.20170912

Dahuasecurity ≫ Ipc-hdbw4xxx Version-

Dahuasecurity ≫ Ipc-hdbw5xxx Firmware Version < 2.622.0000000.18.r.20171110

Dahuasecurity ≫ Ipc-hdbw5xxx Version-

Dahuasecurity ≫ Ipc-hdbw5xxx Firmware Version < 2.621.0000.28.r.20170912

Dahuasecurity ≫ Ipc-hdbw5xxx Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.37%	0.583

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://www.dahuasecurity.com/support/cybersecurity/annoucementNotice/337

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-9317

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-9317

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-9317

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2017-9317