Vulnerability Description
An uncontrolled search path element (DLL hijacking) vulnerability was discovered in Moxa SoftNVR-IA Live Viewer, Version 3.30.3122 and prior versions. To exploit this vulnerability, an attacker could rename a malicious DLL to meet the criteria of the application, and the application would not verify that the DLL is correct. The attacker needs administrative access to the default install location in order to plant the insecure DLL. Once loaded by the application, the DLL could run malicious code at the privilege level of the application.
CVSS Score
7.2 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moxa | SoftNVR-IA Live Viewer | <= 3.3 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/100208 (Third Party Advisory, VDB Entry)
- https://ics-cert.us-cert.gov/advisories/ICSA-17-220-02 (Mitigation, Third Party Advisory, US Government Resource)
FAQ
What is CVE-2017-5170?
CVE-2017-5170 is a vulnerability with a CVSS score of 7.2 (HIGH). An Uncontrolled Search Path Element issue was discovered in Moxa SoftNVR-IA Live Viewer, Version 3.30.3122 and prior versions. An uncontrolled search path element (DLL Hijacking) vulnerability has bee...
How severe is CVE-2017-5170?
CVE-2017-5170 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-5170?
Check the references section above for vendor advisories and patch information. Affected products include: Moxa SoftNVR-IA Live Viewer.