// For flags

CVE-2017-9964

 

Severity Score

6.9
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A Path Traversal issue was discovered in Schneider Electric Pelco VideoXpert Enterprise all versions prior to 2.1. By sniffing communications, an unauthorized person can execute a directory traversal attack resulting in authentication bypass or session hijack.

Se descubrió un problema de salto de directorio en todas las versiones anteriores a la 2.1 de Schneider Electric Pelco VideoXpert Enterprise. Al rastrear las comunicaciones, una persona no autorizada puede ejecutar un ataque de salto de directorio, resultando en una omisión de autenticación o de secuestro de sesión.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
High
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-06-26 CVE Reserved
  • 2018-01-02 CVE Published
  • 2023-05-25 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Schneider-electric
Search vendor "Schneider-electric"
 Pelco Videoxpert
Search vendor "Schneider-electric" for product "Pelco Videoxpert"
 < 2.1
Search vendor "Schneider-electric" for product "Pelco Videoxpert" and version " < 2.1"
enterprise
Affected