Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2017-5170 | First vendor Publication | 2018-01-18 |
| Vendor | Cve | Last vendor Modification | 2019-10-09 |
Security-Database Scoring CVSS v3
| Cvss vector : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | |||
|---|---|---|---|
| Overall CVSS Score | 7.2 | ||
| Base Score | 7.2 | Environmental Score | 7.2 |
| impact SubScore | 5.9 | Temporal Score | 7.2 |
| Exploitabality Sub Score | 1.2 | ||
| Attack Vector | Network | Attack Complexity | Low |
| Privileges Required | High | User Interaction | None |
| Scope | Unchanged | Confidentiality Impact | High |
| Integrity Impact | High | Availability Impact | High |
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:S/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 6.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 8 | Authentication | Requires single instance |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| An Uncontrolled Search Path Element issue was discovered in Moxa SoftNVR-IA Live Viewer, Version 3.30.3122 and prior versions. An uncontrolled search path element (DLL Hijacking) vulnerability has been identified. To exploit this vulnerability, an attacker could rename a malicious DLL to meet the criteria of the application, and the application would not verify that the DLL is correct. The attacker needs to have administrative access to the default install location in order to plant the insecure DLL. Once loaded by the application, the DLL could run malicious code at the privilege level of the application. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5170 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-427 | Uncontrolled Search Path Element |
Sources (Detail)
| Source | Url |
|---|---|
| BID | http://www.securityfocus.com/bid/100208 |
| MISC | https://ics-cert.us-cert.gov/advisories/ICSA-17-220-02 |
Alert History
| Date | Informations |
|---|---|
| 2021-04-22 02:19:02 |
|
| 2020-05-23 02:07:37 |
|
| 2020-05-23 01:02:30 |
|
| 2019-10-10 05:20:00 |
|
| 2018-02-06 17:19:54 |
|
| 2018-01-20 09:22:16 |
|
| 2018-01-19 00:21:52 |
|
