ID

VAR-201801-1068


CVE

CVE-2017-9966


TITLE

Schneider Electric Pelco VideoXpert Enterprise Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-011853

DESCRIPTION

A privilege escalation vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2.0 and prior. By replacing certain files, an unauthorized user can obtain system privileges and the inserted code would execute at an elevated privilege level.

Schneider Electric Pelco VideoXpert Enterprise contains an access control vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS).

Pelco VideoXpert Enterprise is an enterprise video management system. Schneider Electric Pelco VideoXpert Enterprise is prone to multiple directory traversal vulnerabilities and an access-bypass vulnerability. Exploiting these issues will allow an attacker to bypass security restrictions, execute arbitrary code and perform unauthorized actions. Information harvested may aid in launching further attacks.

VideoXpert is a video management solution designed for scalability, fitting the needs of surveillance operations of any size. VideoXpert Ultimate can also aggregate other VideoXpert systems, tying multiple video management systems into a single interface. The application is vulnerable to an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of choice. The vulnerability exists due to improper permissions, with the 'F' flag (full) for the 'Users' group, for several binary files. The service is installed by default to start on system boot with LocalSystem privileges. Attackers can replace the binary with their rootkit, and on reboot they get SYSTEM privileges.

VideoXpert services also suffer from an unquoted search path issue impacting the 'VideoXpert Core' and 'VideoXpert Exports' services for Windows deployed as part of the VideoXpert Setup bundle. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user’s code would execute with the elevated privileges of the application.

Tested on: Microsoft Windows 7 Professional SP1 (EN)

Trust: 2.61

sources: NVD: CVE-2017-9966 // JVNDB: JVNDB-2017-011853 // CNVD: CNVD-2017-38303 // BID: 102338 // ZSL: ZSL-2017-5419 // ZSL: ZSL-2017-5418

IOT TAXONOMY

category: ['ICS', 'Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-38303

AFFECTED PRODUCTS

vendor: schneider electric
model: pelco videoxpert
scope: lt
version: 2.1

Trust: 1.0

vendor: schneider electric
model: pelco videoxpert
scope: eq
version: enterprise 2.1

Trust: 0.8

vendor: schneider electric
model: pelco videoxpert
scope: lt
version: all versions

Trust: 0.8

vendor: schneider
model: electric pelco videoxpert enterprise
scope: lt
version: 2.1

Trust: 0.6

vendor: schneider electric
model: pelco videoxpert enterprise
scope: eq
version: 2.0

Trust: 0.3

vendor: schneider electric
model: pelco videoxpert enterprise
scope: ne
version: 2.1

Trust: 0.3

vendor: schneider electric se
model: pelco videoxpert core admin portal directory traversal
scope: eq
version: 2.0.41

Trust: 0.1

vendor: schneider electric se
model: pelco videoxpert core admin portal directory traversal
scope: eq
version: 1.14.7

Trust: 0.1

vendor: schneider electric se
model: pelco videoxpert core admin portal directory traversal
scope: eq
version: 1.12.105

Trust: 0.1

vendor: schneider electric se
model: pelco videoxpert privilege escalations
scope: eq
version: core software 1.12.105

Trust: 0.1

vendor: schneider electric se
model: pelco videoxpert privilege escalations
scope: eq
version: media gateway software 1.12.26

Trust: 0.1

vendor: schneider electric se
model: pelco videoxpert privilege escalations
scope: eq
version: exports 1.12

Trust: 0.1

sources: ZSL: ZSL-2017-5419 // ZSL: ZSL-2017-5418 // CNVD: CNVD-2017-38303 // BID: 102338 // JVNDB: JVNDB-2017-011853 // NVD: CVE-2017-9966

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-9966
value: HIGH

Trust: 1.0

NVD: CVE-2017-9966
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-38303
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201706-1082
value: HIGH

Trust: 0.6

ZSL: ZSL-2017-5419
value: (4/5)

Trust: 0.1

ZSL: ZSL-2017-5418
value: (3/5)

Trust: 0.1

nvd@nist.gov: CVE-2017-9966
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:H/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-38303
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-9966
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: ZSL: ZSL-2017-5419 // ZSL: ZSL-2017-5418 // CNVD: CNVD-2017-38303 // JVNDB: JVNDB-2017-011853 // CNNVD: CNNVD-201706-1082 // NVD: CVE-2017-9966

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-284

Trust: 0.8

sources: JVNDB: JVNDB-2017-011853 // NVD: CVE-2017-9966

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-1082

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201706-1082

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-011853

EXPLOIT AVAILABILITY

sources: ZSL: ZSL-2017-5419 // ZSL: ZSL-2017-5418

PATCH

title: VideoXpert Enterprise Video Management System
url: https://www.pelco.com/video-management-system/videoxpert

Trust: 0.8

title: Schneider Electric Pelco VideoXpert Enterprise privilege escalation vulnerability patch
url: https://www.cnvd.org.cn/patchInfo/show/111985

Trust: 0.6

title: Schneider Electric Pelco VideoXpert Enterprise Fixes for access control error vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99879

Trust: 0.6

sources: CNVD: CNVD-2017-38303 // JVNDB: JVNDB-2017-011853 // CNNVD: CNNVD-201706-1082

EXTERNAL IDS

db: ICS CERT
id: ICSA-17-355-02

Trust: 3.5

db: NVD
id: CVE-2017-9966

Trust: 3.4

db: BID
id: 102338

Trust: 2.1

db: SCHNEIDER
id: SEVD-2017-339-01

Trust: 1.8

db: JVNDB
id: JVNDB-2017-011853

Trust: 0.8

db: CNVD
id: CNVD-2017-38303

Trust: 0.6

db: CNNVD
id: CNNVD-201706-1082

Trust: 0.6

db: CS-HELP
id: SB2017122204

Trust: 0.2

db: CXSECURITY
id: WLB-2017070077

Trust: 0.1

db: NVD
id: CVE-2017-9965

Trust: 0.1

db: PACKETSTORM
id: 143317

Trust: 0.1

db: EXPLOIT-DB
id: 42311

Trust: 0.1

db: ZSL
id: ZSL-2017-5419

Trust: 0.1

db: CXSECURITY
id: WLB-2017070078

Trust: 0.1

db: PACKETSTORM
id: 143316

Trust: 0.1

db: EXPLOIT-DB
id: 42310

Trust: 0.1

db: ZSL
id: ZSL-2017-5418

Trust: 0.1

sources: ZSL: ZSL-2017-5419 // ZSL: ZSL-2017-5418 // CNVD: CNVD-2017-38303 // BID: 102338 // JVNDB: JVNDB-2017-011853 // CNNVD: CNNVD-201706-1082 // NVD: CVE-2017-9966

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-17-355-02

Trust: 3.5

url:https://www.schneider-electric.com/en/download/document/sevd-2017-339-01/

Trust: 1.8

url:http://www.securityfocus.com/bid/102338

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-9966

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9966

Trust: 0.8

url:http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true

Trust: 0.3

url:https://www.schneider-electric.com/b2b/en/support/cybersecurity/security-notifications.jsp

Trust: 0.2

url:https://download.schneider-electric.com/files?p_endoctype=technical+leaflet&p_file_id=8621588310&p_file_name=sevd-2017-339-01-+pelco+videoxpert+enterprise.pdf&p_reference=sevd-2017-339-01

Trust: 0.2

url:http://securityaffairs.co/wordpress/67108/hacking/pelco-videoxpert-flaws.html

Trust: 0.2

url:https://www.cybersecurity-help.cz/vdb/sb2017122204

Trust: 0.2

url:http://www.isssource.com/schneider-clears-pelco-vulnerabilities/

Trust: 0.2

url:http://www.securityweek.com/schneider-electric-patches-flaws-pelco-video-management-system

Trust: 0.2

url:https://www.exploit-db.com/exploits/42311/

Trust: 0.1

url:https://cxsecurity.com/issue/wlb-2017070077

Trust: 0.1

url:https://packetstormsecurity.com/files/143317

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/129663

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9965

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-9965

Trust: 0.1

url:https://www.exploit-db.com/exploits/42310/

Trust: 0.1

url:https://packetstormsecurity.com/files/143316

Trust: 0.1

url:https://cxsecurity.com/issue/wlb-2017070078

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/129662

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9966

Trust: 0.1

sources: ZSL: ZSL-2017-5419 // ZSL: ZSL-2017-5418 // CNVD: CNVD-2017-38303 // BID: 102338 // JVNDB: JVNDB-2017-011853 // CNNVD: CNNVD-201706-1082 // NVD: CVE-2017-9966

CREDITS

Gjoko Krstic

Trust: 0.3

sources: BID: 102338

SOURCES

db: ZSL
id: ZSL-2017-5419

db: ZSL
id: ZSL-2017-5418

db: CNVD
id: CNVD-2017-38303

db: BID
id: 102338

db: JVNDB
id: JVNDB-2017-011853

db: CNNVD
id: CNNVD-201706-1082

db: NVD
id: CVE-2017-9966

LAST UPDATE DATE

2024-11-23T21:39:52.860000+00:00


SOURCES UPDATE DATE

db: ZSL
id: ZSL-2017-5419
date: 2018-01-13T00:00:00

db: ZSL
id: ZSL-2017-5418
date: 2018-01-13T00:00:00

db: CNVD
id: CNVD-2017-38303
date: 2017-12-28T00:00:00

db: BID
id: 102338
date: 2017-12-21T00:00:00

db: JVNDB
id: JVNDB-2017-011853
date: 2018-01-30T00:00:00

db: CNNVD
id: CNNVD-201706-1082
date: 2019-10-23T00:00:00

db: NVD
id: CVE-2017-9966
date: 2024-11-21T03:37:16.120

SOURCES RELEASE DATE

db: ZSL
id: ZSL-2017-5419
date: 2017-07-10T00:00:00

db: ZSL
id: ZSL-2017-5418
date: 2017-07-10T00:00:00

db: CNVD
id: CNVD-2017-38303
date: 2017-12-28T00:00:00

db: BID
id: 102338
date: 2017-12-21T00:00:00

db: JVNDB
id: JVNDB-2017-011853
date: 2018-01-30T00:00:00

db: CNNVD
id: CNNVD-201706-1082
date: 2017-06-27T00:00:00

db: NVD
id: CVE-2017-9966
date: 2018-01-02T03:29:00.330