Path Traversal Vulnerability in Schneider Electric Pelco VideoXpert Enterprise
CVE-2017-9964

6.9MEDIUM

Key Information:

Vendor

Schneider Electric
Status
Pelco Videoxpert Enterprise
Vendor
CVE Published:
2 January 2018

What is CVE-2017-9964?

A Path Traversal vulnerability has been identified in Schneider Electric's Pelco VideoXpert Enterprise, affecting all versions prior to 2.1. This security flaw allows unauthorized individuals to perform a directory traversal attack through intercepted communications, potentially leading to authentication bypass or session hijacking. As a result, sensitive data could be accessed, putting user information and system integrity at risk. It's crucial for users of this product to apply security patches promptly to mitigate these vulnerabilities.

Affected Version(s)

Pelco VideoXpert Enterprise Versions 2.0 and prior

References

https://ics-cert.us-cert.gov/advisories/ICSA-17-355-02
x_refsource_MISC
https://www.schneider-electric.com/en/download/document/S...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/102338
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.