VAR-201801-1068
Vulnerability from variot - Updated: 2023-12-18 12:19A privilege escalation vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2.0 and prior. By replacing certain files, an unauthorized user can obtain system privileges and the inserted code would execute at an elevated privilege level. Schneider Electric Pelco VideoXpert Enterprise Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PelcoVideoXpertEnterprise is an enterprise video management system. Schneider Electric Pelco VideoXpert Enterprise is prone to multiple directory traversal and an access-bypass vulnerabilities.
Exploiting these issues will allow an attacker to bypass security restrictions, execute arbitrary code and perform unauthorized actions. Information harvested may aid in launching further attacks. VideoXpert is a video management solution designed forscalability, fitting the needs surveillance operations of any size.VideoXpert Ultimate can also aggregate other VideoXpert systems,tying multiple video management systems into a single interface.The application is vulnerable to an elevation of privilegesvulnerability which can be used by a simple user that can changethe executable file with a binary of choice. The vulnerability existdue to the improper permissions, with the 'F' flag (full) for the'Users' group, for several binary files. The service is installedby default to start on system boot with LocalSystem privileges.Attackers can replace the binary with their rootkit, and on rebootthey get SYSTEM privileges.
VideoXpert services also suffer from an unquoted search path issueimpacting the 'VideoXpert Core' and 'VideoXpert Exports' servicesfor Windows deployed as part of the VideoXpert Setup bundle. A successful attempt would require the local user to be able to inserttheir code in the system root path undetected by the OS or other securityapplications where it could potentially be executed during applicationstartup or reboot. If successful, the local user’s code would executewith the elevated privileges of the application.Tested on: Microsoft Windows 7 Professional SP1 (EN)
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-1068",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pelco videoxpert",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.1"
},
{
"model": "pelco videoxpert",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "enterprise 2.1"
},
{
"model": "pelco videoxpert",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "all versions"
},
{
"model": "electric pelco videoxpert enterprise",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "2.1"
},
{
"model": "pelco videoxpert enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2.0"
},
{
"model": "pelco videoxpert enterprise",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2.1"
},
{
"model": "pelco videoxpert core admin portal directory traversal",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "2.0.41"
},
{
"model": "pelco videoxpert core admin portal directory traversal",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "1.14.7"
},
{
"model": "pelco videoxpert core admin portal directory traversal",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "1.12.105"
},
{
"model": "pelco videoxpert privilege escalations",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "core software 1.12.105"
},
{
"model": "pelco videoxpert privilege escalations",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "media gateway software 1.12.26"
},
{
"model": "pelco videoxpert privilege escalations",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "exports 1.12"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5419"
},
{
"db": "ZSL",
"id": "ZSL-2017-5418"
},
{
"db": "CNVD",
"id": "CNVD-2017-38303"
},
{
"db": "BID",
"id": "102338"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011853"
},
{
"db": "NVD",
"id": "CVE-2017-9966"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:pelco_videoxpert:*:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9966"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gjoko Krstic",
"sources": [
{
"db": "BID",
"id": "102338"
}
],
"trust": 0.3
},
"cve": "CVE-2017-9966",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.1,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-9966",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CNVD-2017-38303",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-9966",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-9966",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-38303",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-1082",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "ZSL",
"id": "ZSL-2017-5419",
"trust": 0.1,
"value": "(4/5)"
},
{
"author": "ZSL",
"id": "ZSL-2017-5418",
"trust": 0.1,
"value": "(3/5)"
}
]
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5419"
},
{
"db": "ZSL",
"id": "ZSL-2017-5418"
},
{
"db": "CNVD",
"id": "CNVD-2017-38303"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011853"
},
{
"db": "NVD",
"id": "CVE-2017-9966"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1082"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A privilege escalation vulnerability exists in Schneider Electric\u0027s Pelco VideoXpert Enterprise versions 2.0 and prior. By replacing certain files, an unauthorized user can obtain system privileges and the inserted code would execute at an elevated privilege level. Schneider Electric Pelco VideoXpert Enterprise Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PelcoVideoXpertEnterprise is an enterprise video management system. Schneider Electric Pelco VideoXpert Enterprise is prone to multiple directory traversal and an access-bypass vulnerabilities. \nExploiting these issues will allow an attacker to bypass security restrictions, execute arbitrary code and perform unauthorized actions. Information harvested may aid in launching further attacks. VideoXpert is a video management solution designed forscalability, fitting the needs surveillance operations of any size.VideoXpert Ultimate can also aggregate other VideoXpert systems,tying multiple video management systems into a single interface.The application is vulnerable to an elevation of privilegesvulnerability which can be used by a simple user that can changethe executable file with a binary of choice. The vulnerability existdue to the improper permissions, with the \u0027F\u0027 flag (full) for the\u0027Users\u0027 group, for several binary files. The service is installedby default to start on system boot with LocalSystem privileges.Attackers can replace the binary with their rootkit, and on rebootthey get SYSTEM privileges.\u003cbr/\u003e\u003cbr/\u003eVideoXpert services also suffer from an unquoted search path issueimpacting the \u0027VideoXpert Core\u0027 and \u0027VideoXpert Exports\u0027 servicesfor Windows deployed as part of the VideoXpert Setup bundle. A successful attempt would require the local user to be able to inserttheir code in the system root path undetected by the OS or other securityapplications where it could potentially be executed during applicationstartup or reboot. If successful, the local user\u2019s code would executewith the elevated privileges of the application.Tested on: Microsoft Windows 7 Professional SP1 (EN)",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9966"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011853"
},
{
"db": "CNVD",
"id": "CNVD-2017-38303"
},
{
"db": "BID",
"id": "102338"
},
{
"db": "ZSL",
"id": "ZSL-2017-5419"
},
{
"db": "ZSL",
"id": "ZSL-2017-5418"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.zeroscience.mk/codes/pelcovideoxpert_fd.txt",
"trust": 0.1,
"type": "poc"
},
{
"reference": "https://www.zeroscience.mk/codes/pelcovideoxpert_eop.txt",
"trust": 0.1,
"type": "poc"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5419"
},
{
"db": "ZSL",
"id": "ZSL-2017-5418"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-17-355-02",
"trust": 3.5
},
{
"db": "NVD",
"id": "CVE-2017-9966",
"trust": 3.4
},
{
"db": "BID",
"id": "102338",
"trust": 2.1
},
{
"db": "SCHNEIDER",
"id": "SEVD-2017-339-01",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011853",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-38303",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1082",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2017122204",
"trust": 0.2
},
{
"db": "CXSECURITY",
"id": "WLB-2017070077",
"trust": 0.1
},
{
"db": "NVD",
"id": "CVE-2017-9965",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143317",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "42311",
"trust": 0.1
},
{
"db": "ZSL",
"id": "ZSL-2017-5419",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2017070078",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143316",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "42310",
"trust": 0.1
},
{
"db": "ZSL",
"id": "ZSL-2017-5418",
"trust": 0.1
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5419"
},
{
"db": "ZSL",
"id": "ZSL-2017-5418"
},
{
"db": "CNVD",
"id": "CNVD-2017-38303"
},
{
"db": "BID",
"id": "102338"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011853"
},
{
"db": "NVD",
"id": "CVE-2017-9966"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1082"
}
]
},
"id": "VAR-201801-1068",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38303"
}
],
"trust": 1.3708333499999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38303"
}
]
},
"last_update_date": "2023-12-18T12:19:10.619000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "VideoXpert Enterprise Video Management System",
"trust": 0.8,
"url": "https://www.pelco.com/video-management-system/videoxpert"
},
{
"title": "SchneiderElectricPelcoVideoXpertEnterprise privilege escalation vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/111985"
},
{
"title": "Schneider Electric Pelco VideoXpert Enterprise Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99879"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38303"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011853"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1082"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011853"
},
{
"db": "NVD",
"id": "CVE-2017-9966"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-355-02"
},
{
"trust": 1.8,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2017-339-01/"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/102338"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9966"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9966"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
},
{
"trust": 0.2,
"url": "https://www.schneider-electric.com/b2b/en/support/cybersecurity/security-notifications.jsp"
},
{
"trust": 0.2,
"url": "https://download.schneider-electric.com/files?p_endoctype=technical+leaflet\u0026amp;p_file_id=8621588310\u0026amp;p_file_name=sevd-2017-339-01-+pelco+videoxpert+enterprise.pdf\u0026amp;p_reference=sevd-2017-339-01"
},
{
"trust": 0.2,
"url": "http://securityaffairs.co/wordpress/67108/hacking/pelco-videoxpert-flaws.html"
},
{
"trust": 0.2,
"url": "https://www.cybersecurity-help.cz/vdb/sb2017122204"
},
{
"trust": 0.2,
"url": "http://www.isssource.com/schneider-clears-pelco-vulnerabilities/"
},
{
"trust": 0.2,
"url": "http://www.securityweek.com/schneider-electric-patches-flaws-pelco-video-management-system"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/42311/"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2017070077"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/143317"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129663"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9965"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9965"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/42310/"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/143316"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2017070078"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129662"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9966"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5419"
},
{
"db": "ZSL",
"id": "ZSL-2017-5418"
},
{
"db": "CNVD",
"id": "CNVD-2017-38303"
},
{
"db": "BID",
"id": "102338"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011853"
},
{
"db": "NVD",
"id": "CVE-2017-9966"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1082"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZSL",
"id": "ZSL-2017-5419"
},
{
"db": "ZSL",
"id": "ZSL-2017-5418"
},
{
"db": "CNVD",
"id": "CNVD-2017-38303"
},
{
"db": "BID",
"id": "102338"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011853"
},
{
"db": "NVD",
"id": "CVE-2017-9966"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1082"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-10T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5419"
},
{
"date": "2017-07-10T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5418"
},
{
"date": "2017-12-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-38303"
},
{
"date": "2017-12-21T00:00:00",
"db": "BID",
"id": "102338"
},
{
"date": "2018-01-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011853"
},
{
"date": "2018-01-02T03:29:00.330000",
"db": "NVD",
"id": "CVE-2017-9966"
},
{
"date": "2017-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-1082"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-13T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5419"
},
{
"date": "2018-01-13T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5418"
},
{
"date": "2017-12-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-38303"
},
{
"date": "2017-12-21T00:00:00",
"db": "BID",
"id": "102338"
},
{
"date": "2018-01-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011853"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-9966"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-1082"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-1082"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Pelco VideoXpert Enterprise Access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011853"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-1082"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…