Details of VAR-201801-1067

ID

VAR-201801-1067

CVE

CVE-2017-9965

TITLE

Schneider Electric Pelco VideoXpert Enterprise Path traversal vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2017-011852 // CNNVD: CNNVD-201706-1083

DESCRIPTION

An exposure of sensitive information vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2.0 and prior. Using a directory traversal attack, an unauthorized person can view web server files. Schneider Electric Pelco VideoXpert Enterprise Contains a path traversal vulnerability.Information may be obtained. PelcoVideoXpertEnterprise is an enterprise video management system. Exploiting these issues will allow an attacker to bypass security restrictions, execute arbitrary code and perform unauthorized actions. Information harvested may aid in launching further attacks. VideoXpert is a video management solution designed forscalability, fitting the needs surveillance operations of any size.VideoXpert Ultimate can also aggregate other VideoXpert systems,tying multiple video management systems into a single interface.The application is vulnerable to an elevation of privilegesvulnerability which can be used by a simple user that can changethe executable file with a binary of choice. The vulnerability existdue to the improper permissions, with the 'F' flag (full) for the'Users' group, for several binary files. The service is installedby default to start on system boot with LocalSystem privileges.Attackers can replace the binary with their rootkit, and on rebootthey get SYSTEM privileges.<br/><br/>VideoXpert services also suffer from an unquoted search path issueimpacting the 'VideoXpert Core' and 'VideoXpert Exports' servicesfor Windows deployed as part of the VideoXpert Setup bundle. A successful attempt would require the local user to be able to inserttheir code in the system root path undetected by the OS or other securityapplications where it could potentially be executed during applicationstartup or reboot. If successful, the local user’s code would executewith the elevated privileges of the application.Tested on: Microsoft Windows 7 Professional SP1 (EN)

Trust: 2.61

sources: NVD: CVE-2017-9965 // JVNDB: JVNDB-2017-011852 // CNVD: CNVD-2017-38304 // BID: 102338 // ZSL: ZSL-2017-5419 // ZSL: ZSL-2017-5418

IOT TAXONOMY

category:

['ICS', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-38304

AFFECTED PRODUCTS

vendor:	schneider electric	model:	pelco videoxpert	scope:	lt	version:	2.1	Trust: 1.0
vendor:	schneider electric	model:	pelco videoxpert	scope:	eq	version:	enterprise 2.1	Trust: 0.8
vendor:	schneider electric	model:	pelco videoxpert	scope:	lt	version:	all versions	Trust: 0.8
vendor:	schneider	model:	electric pelco videoxpert enterprise	scope:	lt	version:	2.1	Trust: 0.6
vendor:	schneider electric	model:	pelco videoxpert enterprise	scope:	eq	version:	2.0	Trust: 0.3
vendor:	schneider electric	model:	pelco videoxpert enterprise	scope:	ne	version:	2.1	Trust: 0.3
vendor:	schneider electric se	model:	pelco videoxpert core admin portal directory traversal	scope:	eq	version:	2.0.41	Trust: 0.1
vendor:	schneider electric se	model:	pelco videoxpert core admin portal directory traversal	scope:	eq	version:	1.14.7	Trust: 0.1
vendor:	schneider electric se	model:	pelco videoxpert core admin portal directory traversal	scope:	eq	version:	1.12.105	Trust: 0.1
vendor:	schneider electric se	model:	pelco videoxpert privilege escalations	scope:	eq	version:	core software 1.12.105	Trust: 0.1
vendor:	schneider electric se	model:	pelco videoxpert privilege escalations	scope:	eq	version:	media gateway software 1.12.26	Trust: 0.1
vendor:	schneider electric se	model:	pelco videoxpert privilege escalations	scope:	eq	version:	exports 1.12	Trust: 0.1

sources: ZSL: ZSL-2017-5419 // ZSL: ZSL-2017-5418 // CNVD: CNVD-2017-38304 // BID: 102338 // JVNDB: JVNDB-2017-011852 // NVD: CVE-2017-9965

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-9965
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-9965
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-38304
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201706-1083
value:	MEDIUM
Trust: 0.6
ZSL:	ZSL-2017-5419
value:	(4/5)
Trust: 0.1
ZSL:	ZSL-2017-5418
value:	(3/5)
Trust: 0.1

nvd@nist.gov:	CVE-2017-9965
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-38304
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-9965
baseSeverity:	MEDIUM
baseScore:	5.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: ZSL: ZSL-2017-5419 // ZSL: ZSL-2017-5418 // CNVD: CNVD-2017-38304 // JVNDB: JVNDB-2017-011852 // CNNVD: CNNVD-201706-1083 // NVD: CVE-2017-9965

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.8

sources: JVNDB: JVNDB-2017-011852 // NVD: CVE-2017-9965

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-1083

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201706-1083

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-011852

EXPLOIT AVAILABILITY

sources: ZSL: ZSL-2017-5419 // ZSL: ZSL-2017-5418

PATCH

title:	VideoXpert Enterprise Video Management System	url:	https://www.pelco.com/video-management-system/videoxpert	Trust: 0.8
title:	Patch for SchneiderElectricPelcoVideoXpertEnterprise Directory Traversal Vulnerability (CNVD-2017-38304)	url:	https://www.cnvd.org.cn/patchInfo/show/111983	Trust: 0.6

sources: CNVD: CNVD-2017-38304 // JVNDB: JVNDB-2017-011852

EXTERNAL IDS

db:	ICS CERT	id:	ICSA-17-355-02	Trust: 3.5
db:	NVD	id:	CVE-2017-9965	Trust: 3.4
db:	BID	id:	102338	Trust: 1.5
db:	SCHNEIDER	id:	SEVD-2017-339-01	Trust: 1.2
db:	JVNDB	id:	JVNDB-2017-011852	Trust: 0.8
db:	CNVD	id:	CNVD-2017-38304	Trust: 0.6
db:	NSFOCUS	id:	38559	Trust: 0.6
db:	CNNVD	id:	CNNVD-201706-1083	Trust: 0.6
db:	CS-HELP	id:	SB2017122204	Trust: 0.2
db:	CXSECURITY	id:	WLB-2017070077	Trust: 0.1
db:	PACKETSTORM	id:	143317	Trust: 0.1
db:	EXPLOIT-DB	id:	42311	Trust: 0.1
db:	ZSL	id:	ZSL-2017-5419	Trust: 0.1
db:	CXSECURITY	id:	WLB-2017070078	Trust: 0.1
db:	NVD	id:	CVE-2017-9966	Trust: 0.1
db:	PACKETSTORM	id:	143316	Trust: 0.1
db:	EXPLOIT-DB	id:	42310	Trust: 0.1
db:	ZSL	id:	ZSL-2017-5418	Trust: 0.1

sources: ZSL: ZSL-2017-5419 // ZSL: ZSL-2017-5418 // CNVD: CNVD-2017-38304 // BID: 102338 // JVNDB: JVNDB-2017-011852 // CNNVD: CNNVD-201706-1083 // NVD: CVE-2017-9965

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-17-355-02	Trust: 3.5
url:	https://www.schneider-electric.com/en/download/document/sevd-2017-339-01/	Trust: 1.2
url:	http://www.securityfocus.com/bid/102338	Trust: 1.2
url:	https://nvd.nist.gov/vuln/detail/cve-2017-9965	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9965	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/38559	Trust: 0.6
url:	http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true	Trust: 0.3
url:	https://www.schneider-electric.com/b2b/en/support/cybersecurity/security-notifications.jsp	Trust: 0.2
url:	https://download.schneider-electric.com/files?p_endoctype=technical+leaflet&p_file_id=8621588310&p_file_name=sevd-2017-339-01-+pelco+videoxpert+enterprise.pdf&p_reference=sevd-2017-339-01	Trust: 0.2
url:	http://securityaffairs.co/wordpress/67108/hacking/pelco-videoxpert-flaws.html	Trust: 0.2
url:	https://www.cybersecurity-help.cz/vdb/sb2017122204	Trust: 0.2
url:	http://www.isssource.com/schneider-clears-pelco-vulnerabilities/	Trust: 0.2
url:	http://www.securityweek.com/schneider-electric-patches-flaws-pelco-video-management-system	Trust: 0.2
url:	https://www.exploit-db.com/exploits/42311/	Trust: 0.1
url:	https://cxsecurity.com/issue/wlb-2017070077	Trust: 0.1
url:	https://packetstormsecurity.com/files/143317	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/129663	Trust: 0.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9965	Trust: 0.1
url:	https://www.exploit-db.com/exploits/42310/	Trust: 0.1
url:	https://packetstormsecurity.com/files/143316	Trust: 0.1
url:	https://cxsecurity.com/issue/wlb-2017070078	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/129662	Trust: 0.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9966	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-9966	Trust: 0.1

sources: ZSL: ZSL-2017-5419 // ZSL: ZSL-2017-5418 // CNVD: CNVD-2017-38304 // BID: 102338 // JVNDB: JVNDB-2017-011852 // CNNVD: CNNVD-201706-1083 // NVD: CVE-2017-9965

CREDITS

Gjoko Krstic

Trust: 0.3

sources: BID: 102338

SOURCES

db:	ZSL	id:	ZSL-2017-5419
db:	ZSL	id:	ZSL-2017-5418
db:	CNVD	id:	CNVD-2017-38304
db:	BID	id:	102338
db:	JVNDB	id:	JVNDB-2017-011852
db:	CNNVD	id:	CNNVD-201706-1083
db:	NVD	id:	CVE-2017-9965

LAST UPDATE DATE

2024-11-23T21:39:52.813000+00:00

SOURCES UPDATE DATE

db:	ZSL	id:	ZSL-2017-5419	date:	2018-01-13T00:00:00
db:	ZSL	id:	ZSL-2017-5418	date:	2018-01-13T00:00:00
db:	CNVD	id:	CNVD-2017-38304	date:	2017-12-28T00:00:00
db:	BID	id:	102338	date:	2017-12-21T00:00:00
db:	JVNDB	id:	JVNDB-2017-011852	date:	2018-01-30T00:00:00
db:	CNNVD	id:	CNNVD-201706-1083	date:	2018-01-03T00:00:00
db:	NVD	id:	CVE-2017-9965	date:	2024-11-21T03:37:15.997

SOURCES RELEASE DATE

db:	ZSL	id:	ZSL-2017-5419	date:	2017-07-10T00:00:00
db:	ZSL	id:	ZSL-2017-5418	date:	2017-07-10T00:00:00
db:	CNVD	id:	CNVD-2017-38304	date:	2017-12-28T00:00:00
db:	BID	id:	102338	date:	2017-12-21T00:00:00
db:	JVNDB	id:	JVNDB-2017-011852	date:	2018-01-30T00:00:00
db:	CNNVD	id:	CNNVD-201706-1083	date:	2017-06-27T00:00:00
db:	NVD	id:	CVE-2017-9965	date:	2018-01-02T03:29:00.300