VAR-201801-1067

Vulnerability from variot - Updated: 2023-12-18 12:19

An exposure of sensitive information vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2.0 and prior. Using a directory traversal attack, an unauthorized person can view web server files. Schneider Electric Pelco VideoXpert Enterprise contains a path traversal vulnerability. Information may be obtained. Pelco VideoXpert Enterprise is an enterprise video management system. Exploiting these issues will allow an attacker to bypass security restrictions, execute arbitrary code and perform unauthorized actions. Information harvested may aid in launching further attacks.

VideoXpert is a video management solution designed for scalability, fitting the needs of surveillance operations of any size. VideoXpert Ultimate can also aggregate other VideoXpert systems, tying multiple video management systems into a single interface. The application is vulnerable to an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of choice. The vulnerability exists due to improper permissions, with the 'F' flag (full) for the 'Users' group, for several binary files. The service is installed by default to start on system boot with LocalSystem privileges. Attackers can replace the binary with their rootkit, and on reboot they get SYSTEM privileges.

VideoXpert services also suffer from an unquoted search path issue impacting the 'VideoXpert Core' and 'VideoXpert Exports' services for Windows deployed as part of the VideoXpert Setup bundle. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications, where it could potentially be executed during application startup or reboot. If successful, the local user’s code would execute with the elevated privileges of the application.

Tested on: Microsoft Windows 7 Professional SP1 (EN)

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201801-1067",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "pelco videoxpert",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "2.1"
      },
      {
        "model": "pelco videoxpert",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "enterprise 2.1"
      },
      {
        "model": "pelco videoxpert",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "all versions"
      },
      {
        "model": "electric pelco videoxpert enterprise",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "2.1"
      },
      {
        "model": "pelco videoxpert enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2.0"
      },
      {
        "model": "pelco videoxpert enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2.1"
      },
      {
        "model": "pelco videoxpert core admin portal directory traversal",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "schneider electric se",
        "version": "2.0.41"
      },
      {
        "model": "pelco videoxpert core admin portal directory traversal",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "schneider electric se",
        "version": "1.14.7"
      },
      {
        "model": "pelco videoxpert core admin portal directory traversal",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "schneider electric se",
        "version": "1.12.105"
      },
      {
        "model": "pelco videoxpert privilege escalations",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "schneider electric se",
        "version": "core software 1.12.105"
      },
      {
        "model": "pelco videoxpert privilege escalations",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "schneider electric se",
        "version": "media gateway software 1.12.26"
      },
      {
        "model": "pelco videoxpert privilege escalations",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "schneider electric se",
        "version": "exports 1.12"
      }
    ],
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2017-5419"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5418"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-38304"
      },
      {
        "db": "BID",
        "id": "102338"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011852"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9965"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:pelco_videoxpert:*:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-9965"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Gjoko Krstic",
    "sources": [
      {
        "db": "BID",
        "id": "102338"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-9965",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-9965",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-38304",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 3.9,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.8,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2017-9965",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-9965",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-38304",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201706-1083",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "ZSL",
            "id": "ZSL-2017-5419",
            "trust": 0.1,
            "value": "(4/5)"
          },
          {
            "author": "ZSL",
            "id": "ZSL-2017-5418",
            "trust": 0.1,
            "value": "(3/5)"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2017-5419"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5418"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-38304"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011852"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9965"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1083"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An exposure of sensitive information vulnerability exists in Schneider Electric\u0027s Pelco VideoXpert Enterprise versions 2.0 and prior. Using a directory traversal attack, an unauthorized person can view web server files. Schneider Electric Pelco VideoXpert Enterprise Contains a path traversal vulnerability.Information may be obtained. PelcoVideoXpertEnterprise is an enterprise video management system. \nExploiting these issues will allow an attacker to bypass security  restrictions, execute arbitrary code and perform unauthorized actions.  Information harvested may aid in launching further attacks. VideoXpert is a video management solution designed forscalability, fitting the needs surveillance operations of any size.VideoXpert Ultimate can also aggregate other VideoXpert systems,tying multiple video management systems into a single interface.The application is vulnerable to an elevation of privilegesvulnerability which can be used by a simple user that can changethe executable file with a binary of choice. The vulnerability existdue to the improper permissions, with the \u0027F\u0027 flag (full) for the\u0027Users\u0027 group, for several binary files. The service is installedby default to start on system boot with LocalSystem privileges.Attackers can replace the binary with their rootkit, and on rebootthey get SYSTEM privileges.\u003cbr/\u003e\u003cbr/\u003eVideoXpert services also suffer from an unquoted search path issueimpacting the \u0027VideoXpert Core\u0027 and \u0027VideoXpert Exports\u0027 servicesfor Windows deployed as part of the VideoXpert Setup bundle. A successful attempt would require the local user to be able to inserttheir code in the system root path undetected by the OS or other securityapplications where it could potentially be executed during applicationstartup or reboot. If successful, the local user\u2019s code would executewith the elevated privileges of the application.Tested on: Microsoft Windows 7 Professional SP1 (EN)",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-9965"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011852"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-38304"
      },
      {
        "db": "BID",
        "id": "102338"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5419"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5418"
      }
    ],
    "trust": 2.61
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.zeroscience.mk/codes/pelcovideoxpert_fd.txt",
        "trust": 0.1,
        "type": "poc"
      },
      {
        "reference": "https://www.zeroscience.mk/codes/pelcovideoxpert_eop.txt",
        "trust": 0.1,
        "type": "poc"
      }
    ],
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2017-5419"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5418"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "ICS CERT",
        "id": "ICSA-17-355-02",
        "trust": 3.5
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9965",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "102338",
        "trust": 1.5
      },
      {
        "db": "SCHNEIDER",
        "id": "SEVD-2017-339-01",
        "trust": 1.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011852",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-38304",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "38559",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1083",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2017122204",
        "trust": 0.2
      },
      {
        "db": "CXSECURITY",
        "id": "WLB-2017070077",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "143317",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "42311",
        "trust": 0.1
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5419",
        "trust": 0.1
      },
      {
        "db": "CXSECURITY",
        "id": "WLB-2017070078",
        "trust": 0.1
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9966",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "143316",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "42310",
        "trust": 0.1
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5418",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2017-5419"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5418"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-38304"
      },
      {
        "db": "BID",
        "id": "102338"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011852"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9965"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1083"
      }
    ]
  },
  "id": "VAR-201801-1067",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-38304"
      }
    ],
    "trust": 1.3708333499999998
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-38304"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:19:10.572000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "VideoXpert Enterprise Video Management System",
        "trust": 0.8,
        "url": "https://www.pelco.com/video-management-system/videoxpert"
      },
      {
        "title": "Patch for SchneiderElectricPelcoVideoXpertEnterprise Directory Traversal Vulnerability (CNVD-2017-38304)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/111983"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-38304"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011852"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011852"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9965"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.5,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-355-02"
      },
      {
        "trust": 1.2,
        "url": "https://www.schneider-electric.com/en/download/document/sevd-2017-339-01/"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/102338"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9965"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9965"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/38559"
      },
      {
        "trust": 0.3,
        "url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
      },
      {
        "trust": 0.2,
        "url": "https://www.schneider-electric.com/b2b/en/support/cybersecurity/security-notifications.jsp"
      },
      {
        "trust": 0.2,
        "url": "https://download.schneider-electric.com/files?p_endoctype=technical+leaflet\u0026amp;p_file_id=8621588310\u0026amp;p_file_name=sevd-2017-339-01-+pelco+videoxpert+enterprise.pdf\u0026amp;p_reference=sevd-2017-339-01"
      },
      {
        "trust": 0.2,
        "url": "http://securityaffairs.co/wordpress/67108/hacking/pelco-videoxpert-flaws.html"
      },
      {
        "trust": 0.2,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2017122204"
      },
      {
        "trust": 0.2,
        "url": "http://www.isssource.com/schneider-clears-pelco-vulnerabilities/"
      },
      {
        "trust": 0.2,
        "url": "http://www.securityweek.com/schneider-electric-patches-flaws-pelco-video-management-system"
      },
      {
        "trust": 0.1,
        "url": "https://www.exploit-db.com/exploits/42311/"
      },
      {
        "trust": 0.1,
        "url": "https://cxsecurity.com/issue/wlb-2017070077"
      },
      {
        "trust": 0.1,
        "url": "https://packetstormsecurity.com/files/143317"
      },
      {
        "trust": 0.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129663"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9965"
      },
      {
        "trust": 0.1,
        "url": "https://www.exploit-db.com/exploits/42310/"
      },
      {
        "trust": 0.1,
        "url": "https://packetstormsecurity.com/files/143316"
      },
      {
        "trust": 0.1,
        "url": "https://cxsecurity.com/issue/wlb-2017070078"
      },
      {
        "trust": 0.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129662"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9966"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9966"
      }
    ],
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2017-5419"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5418"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-38304"
      },
      {
        "db": "BID",
        "id": "102338"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011852"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9965"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1083"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZSL",
        "id": "ZSL-2017-5419"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5418"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-38304"
      },
      {
        "db": "BID",
        "id": "102338"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011852"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9965"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1083"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-10T00:00:00",
        "db": "ZSL",
        "id": "ZSL-2017-5419"
      },
      {
        "date": "2017-07-10T00:00:00",
        "db": "ZSL",
        "id": "ZSL-2017-5418"
      },
      {
        "date": "2017-12-28T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-38304"
      },
      {
        "date": "2017-12-21T00:00:00",
        "db": "BID",
        "id": "102338"
      },
      {
        "date": "2018-01-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-011852"
      },
      {
        "date": "2018-01-02T03:29:00.300000",
        "db": "NVD",
        "id": "CVE-2017-9965"
      },
      {
        "date": "2017-06-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-1083"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-01-13T00:00:00",
        "db": "ZSL",
        "id": "ZSL-2017-5419"
      },
      {
        "date": "2018-01-13T00:00:00",
        "db": "ZSL",
        "id": "ZSL-2017-5418"
      },
      {
        "date": "2017-12-28T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-38304"
      },
      {
        "date": "2017-12-21T00:00:00",
        "db": "BID",
        "id": "102338"
      },
      {
        "date": "2018-01-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-011852"
      },
      {
        "date": "2018-02-13T02:29:00.973000",
        "db": "NVD",
        "id": "CVE-2017-9965"
      },
      {
        "date": "2018-01-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-1083"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1083"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider Electric Pelco VideoXpert Enterprise Path traversal vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011852"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1083"
      }
    ],
    "trust": 1.4
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "path traversal",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1083"
      }
    ],
    "trust": 0.6
  }
}

