Path Traversal Vulnerability in Schneider Electric Pelco VideoXpert Enterprise
CVE-2017-9964
6.9MEDIUM
Key Information:
- Vendor
- Schneider Electric
- Vendor
- CVE Published:
- 2 January 2018
Summary
A Path Traversal vulnerability has been identified in Schneider Electric's Pelco VideoXpert Enterprise, affecting all versions prior to 2.1. This security flaw allows unauthorized individuals to perform a directory traversal attack through intercepted communications, potentially leading to authentication bypass or session hijacking. As a result, sensitive data could be accessed, putting user information and system integrity at risk. It's crucial for users of this product to apply security patches promptly to mitigate these vulnerabilities.
Affected Version(s)
Pelco VideoXpert Enterprise Versions 2.0 and prior
References
CVSS V3.1
Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved