VAR-201801-1066
Vulnerability from variot - Updated: 2023-12-18 12:19
A Path Traversal issue was discovered in Schneider Electric Pelco VideoXpert Enterprise all versions prior to 2.1. By sniffing communications, an unauthorized person can execute a directory traversal attack resulting in authentication bypass or session hijack. VideoXpert is a video management solution designed for scalability, suitable for any size monitoring operation. Attackers can use the vulnerabilities to obtain sensitive information. Pelco VideoXpert Enterprise is an enterprise video management system. Schneider Electric Pelco VideoXpert Enterprise has a directory traversal vulnerability. Information harvested may aid in launching further attacks.
Versions prior to Pelco VideoXpert Enterprise 2.1 are vulnerable. The vulnerability exists due to improper permissions, with the 'F' flag (full) for the 'Users' group, for several binary files. The service is installed by default to start on system boot with LocalSystem privileges. Attackers can replace the binary with their rootkit, and on reboot they get SYSTEM privileges.
VideoXpert services also suffer from an unquoted search path issue impacting the 'VideoXpert Core' and 'VideoXpert Exports' services for Windows deployed as part of the VideoXpert Setup bundle. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications, where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
Tested on: Microsoft Windows 7 Professional SP1 (EN)
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-1066",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pelco videoxpert",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.1"
},
{
"model": "pelco videoxpert",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "enterprise 2.1"
},
{
"model": "pelco videoxpert",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "all versions"
},
{
"model": "electric pelco videoxpert",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "2.0.41"
},
{
"model": "electric pelco videoxpert",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "1.14.7"
},
{
"model": "electric pelco videoxpert",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "1.12.105"
},
{
"model": "electric pelco videoxpert enterprise",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "2.1"
},
{
"model": "pelco videoxpert enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2.0"
},
{
"model": "pelco videoxpert enterprise",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2.1"
},
{
"model": "pelco videoxpert missing encryption of sensitive information",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "2.0.41"
},
{
"model": "pelco videoxpert missing encryption of sensitive information",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "1.14.7"
},
{
"model": "pelco videoxpert missing encryption of sensitive information",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "1.12.105"
},
{
"model": "pelco videoxpert core admin portal directory traversal",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "2.0.41"
},
{
"model": "pelco videoxpert core admin portal directory traversal",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "1.14.7"
},
{
"model": "pelco videoxpert core admin portal directory traversal",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "1.12.105"
},
{
"model": "pelco videoxpert privilege escalations",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "core software 1.12.105"
},
{
"model": "pelco videoxpert privilege escalations",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "media gateway software 1.12.26"
},
{
"model": "pelco videoxpert privilege escalations",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "exports 1.12"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5420"
},
{
"db": "ZSL",
"id": "ZSL-2017-5419"
},
{
"db": "ZSL",
"id": "ZSL-2017-5418"
},
{
"db": "CNVD",
"id": "CNVD-2017-23308"
},
{
"db": "CNVD",
"id": "CNVD-2017-38302"
},
{
"db": "BID",
"id": "102338"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011851"
},
{
"db": "NVD",
"id": "CVE-2017-9964"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:pelco_videoxpert:*:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9964"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability discovered by Gjoko Krstic",
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5420"
},
{
"db": "ZSL",
"id": "ZSL-2017-5419"
},
{
"db": "ZSL",
"id": "ZSL-2017-5418"
}
],
"trust": 0.3
},
"cve": "CVE-2017-9964",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-9964",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-23308",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "CNVD-2017-38302",
"impactScore": 7.8,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:C/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.6,
"impactScore": 4.7,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.9,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2017-9964",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-9964",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-23308",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-38302",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-1084",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "ZSL",
"id": "ZSL-2017-5420",
"trust": 0.1,
"value": "(3/5)"
},
{
"author": "ZSL",
"id": "ZSL-2017-5419",
"trust": 0.1,
"value": "(4/5)"
},
{
"author": "ZSL",
"id": "ZSL-2017-5418",
"trust": 0.1,
"value": "(3/5)"
}
]
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5420"
},
{
"db": "ZSL",
"id": "ZSL-2017-5419"
},
{
"db": "ZSL",
"id": "ZSL-2017-5418"
},
{
"db": "CNVD",
"id": "CNVD-2017-23308"
},
{
"db": "CNVD",
"id": "CNVD-2017-38302"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011851"
},
{
"db": "NVD",
"id": "CVE-2017-9964"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1084"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Path Traversal issue was discovered in Schneider Electric Pelco VideoXpert Enterprise all versions prior to 2.1. By sniffing communications, an unauthorized person can execute a directory traversal attack resulting in authentication bypass or session hijack. VideoXpert is a video management solution designed for scalability, suitable for any size monitoring operation. Attackers can use the vulnerabilities to obtain sensitive information. PelcoVideoXpertEnterprise is an enterprise video management system. SchneiderElectricPelcoVideoXpertEnterprise has a directory traversal vulnerability. Information harvested may aid in launching further attacks. \nVersions prior to Pelco VideoXpert Enterprise 2.1 are vulnerable. The vulnerability existdue to the improper permissions, with the \u0027F\u0027 flag (full) for the\u0027Users\u0027 group, for several binary files. The service is installedby default to start on system boot with LocalSystem privileges.Attackers can replace the binary with their rootkit, and on rebootthey get SYSTEM privileges.\u003cbr/\u003e\u003cbr/\u003eVideoXpert services also suffer from an unquoted search path issueimpacting the \u0027VideoXpert Core\u0027 and \u0027VideoXpert Exports\u0027 servicesfor Windows deployed as part of the VideoXpert Setup bundle. A successful attempt would require the local user to be able to inserttheir code in the system root path undetected by the OS or other securityapplications where it could potentially be executed during applicationstartup or reboot. If successful, the local user\u2019s code would executewith the elevated privileges of the application.Tested on: Microsoft Windows 7 Professional SP1 (EN)",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9964"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011851"
},
{
"db": "CNVD",
"id": "CNVD-2017-23308"
},
{
"db": "CNVD",
"id": "CNVD-2017-38302"
},
{
"db": "BID",
"id": "102338"
},
{
"db": "ZSL",
"id": "ZSL-2017-5420"
},
{
"db": "ZSL",
"id": "ZSL-2017-5419"
},
{
"db": "ZSL",
"id": "ZSL-2017-5418"
}
],
"trust": 3.24
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.zeroscience.mk/codes/pelcovideoxpert_cookie.txt",
"trust": 0.1,
"type": "poc"
},
{
"reference": "https://www.zeroscience.mk/codes/pelcovideoxpert_fd.txt",
"trust": 0.1,
"type": "poc"
},
{
"reference": "https://www.zeroscience.mk/codes/pelcovideoxpert_eop.txt",
"trust": 0.1,
"type": "poc"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5420"
},
{
"db": "ZSL",
"id": "ZSL-2017-5419"
},
{
"db": "ZSL",
"id": "ZSL-2017-5418"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-17-355-02",
"trust": 3.6
},
{
"db": "NVD",
"id": "CVE-2017-9964",
"trust": 3.4
},
{
"db": "BID",
"id": "102338",
"trust": 1.6
},
{
"db": "SCHNEIDER",
"id": "SEVD-2017-339-01",
"trust": 1.3
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011851",
"trust": 0.8
},
{
"db": "EXPLOIT-DB",
"id": "42312",
"trust": 0.7
},
{
"db": "EXPLOITDB",
"id": "42312",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2017-23308",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2017-38302",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "38558",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1084",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2017122204",
"trust": 0.3
},
{
"db": "ZSL",
"id": "ZSL-2017-5419",
"trust": 0.2
},
{
"db": "AUSCERT",
"id": "ESB-2018.0004",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2017070079",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143318",
"trust": 0.1
},
{
"db": "ZSL",
"id": "ZSL-2017-5420",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2017070077",
"trust": 0.1
},
{
"db": "NVD",
"id": "CVE-2017-9965",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143317",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "42311",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2017070078",
"trust": 0.1
},
{
"db": "NVD",
"id": "CVE-2017-9966",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143316",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "42310",
"trust": 0.1
},
{
"db": "ZSL",
"id": "ZSL-2017-5418",
"trust": 0.1
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5420"
},
{
"db": "ZSL",
"id": "ZSL-2017-5419"
},
{
"db": "ZSL",
"id": "ZSL-2017-5418"
},
{
"db": "CNVD",
"id": "CNVD-2017-23308"
},
{
"db": "CNVD",
"id": "CNVD-2017-38302"
},
{
"db": "BID",
"id": "102338"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011851"
},
{
"db": "NVD",
"id": "CVE-2017-9964"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1084"
}
]
},
"id": "VAR-201801-1066",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-23308"
},
{
"db": "CNVD",
"id": "CNVD-2017-38302"
}
],
"trust": 2.047222233333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-23308"
},
{
"db": "CNVD",
"id": "CNVD-2017-38302"
}
]
},
"last_update_date": "2023-12-18T12:19:10.670000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "VideoXpert Enterprise Video Management System",
"trust": 0.8,
"url": "https://www.pelco.com/video-management-system/videoxpert"
},
{
"title": "SchneiderElectricPelcoVideoXpertEnterprise directory traversal vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/111989"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38302"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011851"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011851"
},
{
"db": "NVD",
"id": "CVE-2017-9964"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-355-02"
},
{
"trust": 1.3,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2017-339-01/"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/102338"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9964"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9964"
},
{
"trust": 0.7,
"url": "https://www.exploit-db.com/exploits/42312/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/38558"
},
{
"trust": 0.3,
"url": "https://www.schneider-electric.com/b2b/en/support/cybersecurity/security-notifications.jsp"
},
{
"trust": 0.3,
"url": "https://download.schneider-electric.com/files?p_endoctype=technical+leaflet\u0026amp;p_file_id=8621588310\u0026amp;p_file_name=sevd-2017-339-01-+pelco+videoxpert+enterprise.pdf\u0026amp;p_reference=sevd-2017-339-01"
},
{
"trust": 0.3,
"url": "http://securityaffairs.co/wordpress/67108/hacking/pelco-videoxpert-flaws.html"
},
{
"trust": 0.3,
"url": "https://www.cybersecurity-help.cz/vdb/sb2017122204"
},
{
"trust": 0.3,
"url": "http://www.isssource.com/schneider-clears-pelco-vulnerabilities/"
},
{
"trust": 0.3,
"url": "http://www.securityweek.com/schneider-electric-patches-flaws-pelco-video-management-system"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
},
{
"trust": 0.1,
"url": "http://www.zeroscience.mk/en/vulnerabilities/zsl-2017-5419.php"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2017070079"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/143318"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129664"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9964"
},
{
"trust": 0.1,
"url": "https://www.auscert.org.au/bulletins/56446"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/42311/"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2017070077"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/143317"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129663"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9965"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9965"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/42310/"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/143316"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2017070078"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129662"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9966"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9966"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5420"
},
{
"db": "ZSL",
"id": "ZSL-2017-5419"
},
{
"db": "ZSL",
"id": "ZSL-2017-5418"
},
{
"db": "CNVD",
"id": "CNVD-2017-23308"
},
{
"db": "CNVD",
"id": "CNVD-2017-38302"
},
{
"db": "BID",
"id": "102338"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011851"
},
{
"db": "NVD",
"id": "CVE-2017-9964"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1084"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZSL",
"id": "ZSL-2017-5420"
},
{
"db": "ZSL",
"id": "ZSL-2017-5419"
},
{
"db": "ZSL",
"id": "ZSL-2017-5418"
},
{
"db": "CNVD",
"id": "CNVD-2017-23308"
},
{
"db": "CNVD",
"id": "CNVD-2017-38302"
},
{
"db": "BID",
"id": "102338"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011851"
},
{
"db": "NVD",
"id": "CVE-2017-9964"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1084"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-10T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5420"
},
{
"date": "2017-07-10T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5419"
},
{
"date": "2017-07-10T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5418"
},
{
"date": "2017-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23308"
},
{
"date": "2017-12-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-38302"
},
{
"date": "2017-12-21T00:00:00",
"db": "BID",
"id": "102338"
},
{
"date": "2018-01-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011851"
},
{
"date": "2018-01-02T03:29:00.267000",
"db": "NVD",
"id": "CVE-2017-9964"
},
{
"date": "2017-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-1084"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-13T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5420"
},
{
"date": "2018-01-13T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5419"
},
{
"date": "2018-01-13T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5418"
},
{
"date": "2017-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23308"
},
{
"date": "2017-12-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-38302"
},
{
"date": "2017-12-21T00:00:00",
"db": "BID",
"id": "102338"
},
{
"date": "2018-01-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011851"
},
{
"date": "2018-02-13T02:29:00.880000",
"db": "NVD",
"id": "CVE-2017-9964"
},
{
"date": "2018-01-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-1084"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-1084"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Pelco VideoXpert Enterprise Path traversal vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011851"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1084"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-1084"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.