7.1

CVE-2017-9966

EPSS 0.53%
Veröffentlicht 02.01.2018 03:29:00
Zuletzt bearbeitet 21.11.2024 03:37:16
Quelle cybersecurity@se.com
CVE-Watchlists
Login
Unerledigt
Login

A privilege escalation vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2.0 and prior. By replacing certain files, an unauthorized user can obtain system privileges and the inserted code would execute at an elevated privilege level.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Schneider-electric ≫ Pelco Videoxpert SwEditionenterprise Version < 2.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.53%	0.662

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.1	1.2	5.9	CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	7.1	3.9	10	AV:N/AC:H/Au:S/C:C/I:C/A:C

http://www.securityfocus.com/bid/102338

Third Party Advisory

VDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-17-355-02

Patch

Third Party Advisory

US Government Resource

https://www.schneider-electric.com/en/download/document/SEVD-2017-339-01/

https://nvd.nist.gov/vuln/detail/CVE-2017-9966

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-9966

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-9966

EUVD