Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-9965 — Path Traversal in Pelco Videoxpert

CWE-22 — Path Traversal4 documents4 sources

Severity

5.8MEDIUMNVD

EPSS

0.1%

top 74.49%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Schneider-electric Pelco Videoxpert Schneider Electric SE Pelco Videoxpert Enterprise

Timeline

PublishedJan 2

Latest updateMay 14

Description

An exposure of sensitive information vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2.0 and prior. Using a directory traversal attack, an unauthorized person can view web server files.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5schneider_electric_se/pelco_videoxpert_enterpriseVersions 2.0 and prior

▶NVDschneider-electric/pelco_videoxpert< 2.1

Patches

Patch: ics-cert.us-cert.gov ↗Patch: ics-cert.us-cert.gov ↗

🔴Vulnerability Details

GHSA

GHSA-xffj-w224-6pmq: An exposure of sensitive information vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2↗2022-05-14

▶

CVEList

CVE-2017-9965: An exposure of sensitive information vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2↗2018-01-02

▶

💥Exploits & PoCs

Nuclei

Schneider Electric Pelco VideoXpert Enterprise 2.0 - Path Traversal

▶