Vulnerability Description
A privilege escalation vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2.0 and prior. By replacing certain files, an unauthorized user can obtain system privileges and the inserted code would execute at an elevated privilege level.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Pelco Videoxpert | < 2.1 |
References
- http://www.securityfocus.com/bid/102338Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-17-355-02PatchThird Party AdvisoryUS Government Resource
- https://www.schneider-electric.com/en/download/document/SEVD-2017-339-01/
- http://www.securityfocus.com/bid/102338Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-17-355-02PatchThird Party AdvisoryUS Government Resource
- https://www.schneider-electric.com/en/download/document/SEVD-2017-339-01/
FAQ
What is CVE-2017-9966?
CVE-2017-9966 is a vulnerability with a CVSS score of 7.1 (HIGH). A privilege escalation vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2.0 and prior. By replacing certain files, an unauthorized user can obtain system privileges an...
How severe is CVE-2017-9966?
CVE-2017-9966 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-9966?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Pelco Videoxpert.