ID
VAR-201801-1066
CVE
CVE-2017-9964
TITLE
Schneider Electric Pelco VideoXpert Enterprise Path traversal vulnerability
Trust: 1.4
DESCRIPTION
A Path Traversal issue was discovered in Schneider Electric Pelco VideoXpert Enterprise all versions prior to 2.1. By sniffing communications, an unauthorized person can execute a directory traversal attack resulting in authentication bypass or session hijack. VideoXpert is a video management solution designed for scalability, suitable for any size monitoring operation. Attackers can use the vulnerabilities to obtain sensitive information. PelcoVideoXpertEnterprise is an enterprise video management system. SchneiderElectricPelcoVideoXpertEnterprise has a directory traversal vulnerability. Information harvested may aid in launching further attacks. Versions prior to Pelco VideoXpert Enterprise 2.1 are vulnerable. The vulnerability existdue to the improper permissions, with the 'F' flag (full) for the'Users' group, for several binary files. The service is installedby default to start on system boot with LocalSystem privileges.Attackers can replace the binary with their rootkit, and on rebootthey get SYSTEM privileges.<br/><br/>VideoXpert services also suffer from an unquoted search path issueimpacting the 'VideoXpert Core' and 'VideoXpert Exports' servicesfor Windows deployed as part of the VideoXpert Setup bundle. A successful attempt would require the local user to be able to inserttheir code in the system root path undetected by the OS or other securityapplications where it could potentially be executed during applicationstartup or reboot. If successful, the local user’s code would executewith the elevated privileges of the application.Tested on: Microsoft Windows 7 Professional SP1 (EN)
Trust: 3.24
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | Trust: 0.6 |
| category: | ['ICS', 'Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | schneider electric | model: | pelco videoxpert | scope: | lt | version: | 2.1 | Trust: 1.0 |
| vendor: | schneider electric | model: | pelco videoxpert | scope: | eq | version: | enterprise 2.1 | Trust: 0.8 |
| vendor: | schneider electric | model: | pelco videoxpert | scope: | lt | version: | all versions | Trust: 0.8 |
| vendor: | schneider | model: | electric pelco videoxpert | scope: | eq | version: | 2.0.41 | Trust: 0.6 |
| vendor: | schneider | model: | electric pelco videoxpert | scope: | eq | version: | 1.14.7 | Trust: 0.6 |
| vendor: | schneider | model: | electric pelco videoxpert | scope: | eq | version: | 1.12.105 | Trust: 0.6 |
| vendor: | schneider | model: | electric pelco videoxpert enterprise | scope: | lt | version: | 2.1 | Trust: 0.6 |
| vendor: | schneider electric | model: | pelco videoxpert enterprise | scope: | eq | version: | 2.0 | Trust: 0.3 |
| vendor: | schneider electric | model: | pelco videoxpert enterprise | scope: | ne | version: | 2.1 | Trust: 0.3 |
| vendor: | schneider electric se | model: | pelco videoxpert missing encryption of sensitive information | scope: | eq | version: | 2.0.41 | Trust: 0.1 |
| vendor: | schneider electric se | model: | pelco videoxpert missing encryption of sensitive information | scope: | eq | version: | 1.14.7 | Trust: 0.1 |
| vendor: | schneider electric se | model: | pelco videoxpert missing encryption of sensitive information | scope: | eq | version: | 1.12.105 | Trust: 0.1 |
| vendor: | schneider electric se | model: | pelco videoxpert core admin portal directory traversal | scope: | eq | version: | 2.0.41 | Trust: 0.1 |
| vendor: | schneider electric se | model: | pelco videoxpert core admin portal directory traversal | scope: | eq | version: | 1.14.7 | Trust: 0.1 |
| vendor: | schneider electric se | model: | pelco videoxpert core admin portal directory traversal | scope: | eq | version: | 1.12.105 | Trust: 0.1 |
| vendor: | schneider electric se | model: | pelco videoxpert privilege escalations | scope: | eq | version: | core software 1.12.105 | Trust: 0.1 |
| vendor: | schneider electric se | model: | pelco videoxpert privilege escalations | scope: | eq | version: | media gateway software 1.12.26 | Trust: 0.1 |
| vendor: | schneider electric se | model: | pelco videoxpert privilege escalations | scope: | eq | version: | exports 1.12 | Trust: 0.1 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-22 | Trust: 1.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
path traversal
Trust: 0.6
CONFIGURATIONS
EXPLOIT AVAILABILITY
PATCH
| title: | VideoXpert Enterprise Video Management System | url: | https://www.pelco.com/video-management-system/videoxpert | Trust: 0.8 |
| title: | SchneiderElectricPelcoVideoXpertEnterprise directory traversal vulnerability patch | url: | https://www.cnvd.org.cn/patchInfo/show/111989 | Trust: 0.6 |
EXTERNAL IDS
| db: | ICS CERT | id: | ICSA-17-355-02 | Trust: 3.6 |
| db: | NVD | id: | CVE-2017-9964 | Trust: 3.4 |
| db: | BID | id: | 102338 | Trust: 1.6 |
| db: | SCHNEIDER | id: | SEVD-2017-339-01 | Trust: 1.3 |
| db: | JVNDB | id: | JVNDB-2017-011851 | Trust: 0.8 |
| db: | EXPLOIT-DB | id: | 42312 | Trust: 0.7 |
| db: | EXPLOITDB | id: | 42312 | Trust: 0.6 |
| db: | CNVD | id: | CNVD-2017-23308 | Trust: 0.6 |
| db: | CNVD | id: | CNVD-2017-38302 | Trust: 0.6 |
| db: | NSFOCUS | id: | 38558 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-201706-1084 | Trust: 0.6 |
| db: | CS-HELP | id: | SB2017122204 | Trust: 0.3 |
| db: | ZSL | id: | ZSL-2017-5419 | Trust: 0.2 |
| db: | AUSCERT | id: | ESB-2018.0004 | Trust: 0.1 |
| db: | CXSECURITY | id: | WLB-2017070079 | Trust: 0.1 |
| db: | PACKETSTORM | id: | 143318 | Trust: 0.1 |
| db: | ZSL | id: | ZSL-2017-5420 | Trust: 0.1 |
| db: | CXSECURITY | id: | WLB-2017070077 | Trust: 0.1 |
| db: | NVD | id: | CVE-2017-9965 | Trust: 0.1 |
| db: | PACKETSTORM | id: | 143317 | Trust: 0.1 |
| db: | EXPLOIT-DB | id: | 42311 | Trust: 0.1 |
| db: | CXSECURITY | id: | WLB-2017070078 | Trust: 0.1 |
| db: | NVD | id: | CVE-2017-9966 | Trust: 0.1 |
| db: | PACKETSTORM | id: | 143316 | Trust: 0.1 |
| db: | EXPLOIT-DB | id: | 42310 | Trust: 0.1 |
| db: | ZSL | id: | ZSL-2017-5418 | Trust: 0.1 |
REFERENCES
| url: | https://ics-cert.us-cert.gov/advisories/icsa-17-355-02 | Trust: 3.6 |
| url: | https://www.schneider-electric.com/en/download/document/sevd-2017-339-01/ | Trust: 1.3 |
| url: | http://www.securityfocus.com/bid/102338 | Trust: 1.3 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2017-9964 | Trust: 0.9 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9964 | Trust: 0.8 |
| url: | https://www.exploit-db.com/exploits/42312/ | Trust: 0.7 |
| url: | http://www.nsfocus.net/vulndb/38558 | Trust: 0.6 |
| url: | https://www.schneider-electric.com/b2b/en/support/cybersecurity/security-notifications.jsp | Trust: 0.3 |
| url: | https://download.schneider-electric.com/files?p_endoctype=technical+leaflet&p_file_id=8621588310&p_file_name=sevd-2017-339-01-+pelco+videoxpert+enterprise.pdf&p_reference=sevd-2017-339-01 | Trust: 0.3 |
| url: | http://securityaffairs.co/wordpress/67108/hacking/pelco-videoxpert-flaws.html | Trust: 0.3 |
| url: | https://www.cybersecurity-help.cz/vdb/sb2017122204 | Trust: 0.3 |
| url: | http://www.isssource.com/schneider-clears-pelco-vulnerabilities/ | Trust: 0.3 |
| url: | http://www.securityweek.com/schneider-electric-patches-flaws-pelco-video-management-system | Trust: 0.3 |
| url: | http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true | Trust: 0.3 |
| url: | http://www.zeroscience.mk/en/vulnerabilities/zsl-2017-5419.php | Trust: 0.1 |
| url: | https://cxsecurity.com/issue/wlb-2017070079 | Trust: 0.1 |
| url: | https://packetstormsecurity.com/files/143318 | Trust: 0.1 |
| url: | https://exchange.xforce.ibmcloud.com/vulnerabilities/129664 | Trust: 0.1 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9964 | Trust: 0.1 |
| url: | https://www.auscert.org.au/bulletins/56446 | Trust: 0.1 |
| url: | https://www.exploit-db.com/exploits/42311/ | Trust: 0.1 |
| url: | https://cxsecurity.com/issue/wlb-2017070077 | Trust: 0.1 |
| url: | https://packetstormsecurity.com/files/143317 | Trust: 0.1 |
| url: | https://exchange.xforce.ibmcloud.com/vulnerabilities/129663 | Trust: 0.1 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9965 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2017-9965 | Trust: 0.1 |
| url: | https://www.exploit-db.com/exploits/42310/ | Trust: 0.1 |
| url: | https://packetstormsecurity.com/files/143316 | Trust: 0.1 |
| url: | https://cxsecurity.com/issue/wlb-2017070078 | Trust: 0.1 |
| url: | https://exchange.xforce.ibmcloud.com/vulnerabilities/129662 | Trust: 0.1 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9966 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2017-9966 | Trust: 0.1 |
CREDITS
Vulnerability discovered by Gjoko Krstic
Trust: 0.3
SOURCES
| db: | ZSL | id: | ZSL-2017-5420 |
| db: | ZSL | id: | ZSL-2017-5419 |
| db: | ZSL | id: | ZSL-2017-5418 |
| db: | CNVD | id: | CNVD-2017-23308 |
| db: | CNVD | id: | CNVD-2017-38302 |
| db: | BID | id: | 102338 |
| db: | JVNDB | id: | JVNDB-2017-011851 |
| db: | CNNVD | id: | CNNVD-201706-1084 |
| db: | NVD | id: | CVE-2017-9964 |
LAST UPDATE DATE
2024-11-23T21:39:52.905000+00:00
SOURCES UPDATE DATE
| db: | ZSL | id: | ZSL-2017-5420 | date: | 2018-01-13T00:00:00 |
| db: | ZSL | id: | ZSL-2017-5419 | date: | 2018-01-13T00:00:00 |
| db: | ZSL | id: | ZSL-2017-5418 | date: | 2018-01-13T00:00:00 |
| db: | CNVD | id: | CNVD-2017-23308 | date: | 2017-08-28T00:00:00 |
| db: | CNVD | id: | CNVD-2017-38302 | date: | 2017-12-28T00:00:00 |
| db: | BID | id: | 102338 | date: | 2017-12-21T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-011851 | date: | 2018-01-30T00:00:00 |
| db: | CNNVD | id: | CNNVD-201706-1084 | date: | 2018-01-03T00:00:00 |
| db: | NVD | id: | CVE-2017-9964 | date: | 2024-11-21T03:37:15.877 |
SOURCES RELEASE DATE
| db: | ZSL | id: | ZSL-2017-5420 | date: | 2017-07-10T00:00:00 |
| db: | ZSL | id: | ZSL-2017-5419 | date: | 2017-07-10T00:00:00 |
| db: | ZSL | id: | ZSL-2017-5418 | date: | 2017-07-10T00:00:00 |
| db: | CNVD | id: | CNVD-2017-23308 | date: | 2017-08-28T00:00:00 |
| db: | CNVD | id: | CNVD-2017-38302 | date: | 2017-12-28T00:00:00 |
| db: | BID | id: | 102338 | date: | 2017-12-21T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-011851 | date: | 2018-01-30T00:00:00 |
| db: | CNNVD | id: | CNNVD-201706-1084 | date: | 2017-06-27T00:00:00 |
| db: | NVD | id: | CVE-2017-9964 | date: | 2018-01-02T03:29:00.267 |