Sign-up

ID

VAR-201804-0552


CVE

CVE-2017-2802


TITLE

Dell Precision Optimizer Software unreliable search path vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-013398

DESCRIPTION

An exploitable dll hijacking vulnerability exists in the poaService.exe service component of the Dell Precision Optimizer software version 3.5.5.0. A specifically named malicious dll file located in one of directories pointed to by the PATH environment variable will lead to privilege escalation. An attacker with local access to vulnerable system can exploit this vulnerability. Dell Precision Optimizer The software contains an unreliable search path vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Dell is a company based in Round Rock, Texas, USA. A number of Dell products have security bypass vulnerabilities. A privilege escalation vulnerability. 2. The tool supports automatic adjustment of system settings such as Intel Hyper-Threading, number of CPU cores, processor priority, graphics card, and power supply

Trust: 2.52

sources: NVD: CVE-2017-2802 // JVNDB: JVNDB-2017-013398 // CNVD: CNVD-2017-21750 // BID: 99360 // VULHUB: VHN-111005

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-21750

AFFECTED PRODUCTS

vendor:dellmodel:precision optimizerscope:eqversion:3.5.5.0

Trust: 2.4

vendor:dellmodel:precision towerscope:eqversion:5810

Trust: 0.9

vendor:dellmodel:invincea-xscope:eqversion:6.1.3-24058

Trust: 0.9

vendor:dellmodel:invincea dell protected workspacescope:eqversion:5.1.1-22303

Trust: 0.9

sources: CNVD: CNVD-2017-21750 // BID: 99360 // JVNDB: JVNDB-2017-013398 // CNNVD: CNNVD-201707-081 // NVD: CVE-2017-2802

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2802
value: HIGH

Trust: 1.0

NVD: CVE-2017-2802
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-21750
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201707-081
value: MEDIUM

Trust: 0.6

VULHUB: VHN-111005
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-2802
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-21750
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-111005
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2802
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-21750 // VULHUB: VHN-111005 // JVNDB: JVNDB-2017-013398 // CNNVD: CNNVD-201707-081 // NVD: CVE-2017-2802

PROBLEMTYPE DATA

problemtype:CWE-426

Trust: 1.9

sources: VULHUB: VHN-111005 // JVNDB: JVNDB-2017-013398 // NVD: CVE-2017-2802

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201707-081

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201707-081

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-013398

PATCH
title:トップページurl:https://www.dell.com/ja-jp
Trust: 0.8
title:Patches for multiple Dell product security bypass vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/100438
Trust: 0.6
title:Dell Precision Optimizer Software Fixes for permission permissions and access control vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71418
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-21750 // 
            
            
            
            JVNDB: JVNDB-2017-013398 // 
            
            
            
            CNNVD: CNNVD-201707-081

EXTERNAL IDS
db:NVDid:CVE-2017-2802
Trust: 3.4
db:TALOSid:TALOS-2016-0247
Trust: 2.8
db:BIDid:99360
Trust: 2.6
db:JVNDBid:JVNDB-2017-013398
Trust: 0.8
db:CNNVDid:CNNVD-201707-081
Trust: 0.7
db:CNVDid:CNVD-2017-21750
Trust: 0.6
db:TALOSid:TALOS-2016-0246
Trust: 0.3
db:TALOSid:TALOS-2016-0256
Trust: 0.3
db:SEEBUGid:SSVID-96480
Trust: 0.1
db:VULHUBid:VHN-111005
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-21750 // 
            
            
            
            VULHUB: VHN-111005 // 
            
            
            
            BID: 99360 // 
            
            
            
            JVNDB: JVNDB-2017-013398 // 
            
            
            
            CNNVD: CNNVD-201707-081 // 
            
            
            
            NVD: CVE-2017-2802

REFERENCES
url:https://www.talosintelligence.com/vulnerability_reports/talos-2016-0247
Trust: 2.5
url:http://www.securityfocus.com/bid/99360
Trust: 2.3
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2802
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2802
Trust: 0.8
url:http://dell.com
Trust: 0.3
url:https://www.talosintelligence.com/reports/talos-2016-0247
Trust: 0.3
url:https://www.talosintelligence.com/reports/talos-2016-0246
Trust: 0.3
url:https://www.talosintelligence.com/reports/talos-2016-0256
Trust: 0.3
url:http://blog.talosintelligence.com/2017/06/vulnerability-spotlight-dell-precision.html
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-21750 // 
            
            
            
            VULHUB: VHN-111005 // 
            
            
            
            BID: 99360 // 
            
            
            
            JVNDB: JVNDB-2017-013398 // 
            
            
            
            CNNVD: CNNVD-201707-081 // 
            
            
            
            NVD: CVE-2017-2802

CREDITS
Marcin ???Icewall??? Noga of Cisco Talos.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201707-081

SOURCES
db:CNVDid:CNVD-2017-21750
db:VULHUBid:VHN-111005
db:BIDid:99360
db:JVNDBid:JVNDB-2017-013398
db:CNNVDid:CNNVD-201707-081
db:NVDid:CVE-2017-2802

LAST UPDATE DATE
2024-11-23T22:41:53.082000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-21750date:2017-08-18T00:00:00
db:VULHUBid:VHN-111005date:2018-06-13T00:00:00
db:BIDid:99360date:2017-06-30T00:00:00
db:JVNDBid:JVNDB-2017-013398date:2018-07-04T00:00:00
db:CNNVDid:CNNVD-201707-081date:2018-12-04T00:00:00
db:NVDid:CVE-2017-2802date:2024-11-21T03:24:10.907

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-21750date:2017-08-18T00:00:00
db:VULHUBid:VHN-111005date:2018-04-24T00:00:00
db:BIDid:99360date:2017-06-30T00:00:00
db:JVNDBid:JVNDB-2017-013398date:2018-07-04T00:00:00
db:CNNVDid:CNNVD-201707-081date:2017-06-30T00:00:00
db:NVDid:CVE-2017-2802date:2018-04-24T19:29:01.987