CVE-2017-9966
HIGHPelco VideoXpert < 2.1 - Privilege Escalation via File Replacement
Title source: llmDescription
A privilege escalation vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2.0 and prior. By replacing certain files, an unauthorized user can obtain system privileges and the inserted code would execute at an elevated privilege level.
References (3)
Core 3
Core References
Patch, Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-17-355-02
Various Sources x_refsource_confirm
https://www.schneider-electric.com/en/download/document/SEVD-2017-339-01/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/102338
Scores
CVSS v3
7.1
EPSS
0.0053
EPSS Percentile
67.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Details
Status
published
Products (1)
schneider-electric/pelco_videoxpert
< 2.1
Published
Jan 02, 2018
Tracked Since
Feb 18, 2026