CVE-2017-9965
Published: 2018-01-02
Priority: P3 · 42 · medium · 5.8 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
EXPLOIT
EPSS: 4.65% (90.6th percentile)
An exposure of sensitive information vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2.0 and prior. Using a directory traversal attack, an unauthorized person can view web server files.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| schneider-electric | pelco_videoxpert | < 2.1 | 2.1 |
| schneider_electric_se | pelco_videoxpert_enterprise | — | — |
CVSS provenance
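| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.8 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |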
GHSA
ghsa_unreviewed·2022-05-14
CVE-2017-9965 [MEDIUM] CWE-22 GHSA-xffj-w224-6pmq: An exposure of sensitive information vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2
An exposure of sensitive information vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2.0 and prior. Using a directory traversal attack, an unauthorized person can view web server files.
CISA ICS
Schneider Electric Pelco VideoXpert Enterprise
cisa_ics·2017-12-21
ICS Advisory
## Schneider Electric Pelco VideoXpert Enterprise
Last Revised: December 21, 2017
Alert Code: ICSA-17-355-02
## CVSS v3 7.1
ATTENTION: Remotely exploitable/low skill level to exploit.
Vendor: Schneider Electric
Equipment: Pelco VideoXpert Enterprise
Vulnerabilities: Path Traversal, Improper Access Control
## AFFECTED PRODUCTS
Schneider Electric reports that the vulnerabilities affect the following Pelco VideoXpert Enterprise products:
- Pelco VideoXpert Enterprise all versions prior to 2.1
## IMPACT
Successful exploitation of these vulnerabilities may allow an authorized user t
No detection rules found.
Nuclei
Schneider Electric Pelco VideoXpert Enterprise 2.0 - Path Traversal
nuclei·CVSS 5.8
CVE-2017-9965 [MEDIUM] Schneider Electric Pelco VideoXpert Enterprise 2.0 - Path Traversal
Schneider Electric Pelco VideoXpert Enterprise versions 2.0 and prior contain a directory traversal caused by insufficient input validation, which lets unauthorized persons view web server files. Exploitation requires no authentication.
Template:
```yaml
id: CVE-2017-9965

info:
  name: Schneider Electric Pelco VideoXpert Enterprise 2.0 - Path Traversal
  author: 0x_akoko
  severity: medium
  description: |
    Schneider Electric Pelco VideoXpert Enterprise versions 2.0 and prior contain a directory traversal caused by insufficient input validation, letting unauthorized persons view web server files, exploit requires no authentication.
  impact: |
    Unauthenticated attackers can view web server files and directories, potentially exposing sensitive con
```
No writeups or analysis indexed.
- http://www.securityfocus.com/bid/102338
- https://ics-cert.us-cert.gov/advisories/ICSA-17-355-02
- https://www.schneider-electric.com/en/download/document/SEVD-2017-339-01/