CVE-2017-9966 Information

Description

A privilege escalation vulnerability exists in Schneider Electric’s Pelco VideoXpert Enterprise versions 2.0 and prior. By replacing certain files an unauthorized user can obtain system privileges and the inserted code would execute at an elevated privilege level.

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Reference

http://www.securityfocus.com/bid/102338 https://ics-cert.us-cert.gov/advisories/ICSA-17-355-02 https://www.schneider-electric.com/en/download/document/SEVD-2017-339-01/

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction Required

LOW

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.1