CVE-2017-9964Path Traversal in Pelco Videoxpert

CWE-22Path Traversal3 documents3 sources
Severity
6.9MEDIUMNVD
EPSS
0.5%
top 32.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Schneider-electric Pelco VideoxpertSchneider Electric SE Pelco Videoxpert Enterprise
Timeline
PublishedJan 2
Latest updateMay 14

Description

A Path Traversal issue was discovered in Schneider Electric Pelco VideoXpert Enterprise all versions prior to 2.1. By sniffing communications, an unauthorized person can execute a directory traversal attack resulting in authentication bypass or session hijack.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:NExploitability: 1.6 | Impact: 4.7

Affected Packages2 packages

CVEListV5schneider_electric_se/pelco_videoxpert_enterpriseVersions 2.0 and prior

Patches

Patch: ics-cert.us-cert.govPatch: ics-cert.us-cert.gov

🔴Vulnerability Details

2
GHSA
GHSA-rq56-32m2-gfc7: A Path Traversal issue was discovered in Schneider Electric Pelco VideoXpert Enterprise all versions prior to 22022-05-14
CVEList
CVE-2017-9964: A Path Traversal issue was discovered in Schneider Electric Pelco VideoXpert Enterprise all versions prior to 22018-01-02
CVE-2017-9964 — Path Traversal in Pelco Videoxpert | cvebase