Vulnerability-Lookup

CVE-2017-2802 (GCVE-0-2017-2802)

Vulnerability from cvelistv5 – Published: 2018-04-24 19:00 – Updated: 2024-09-17 03:59

Summary

Severity ?

No CVSS data available.

CWE

dll hijiacking

Assigner

talos

References

2 references

URL	Tags
https://www.talosintelligence.com/vulnerability_r…	x_refsource_MISC
http://www.securityfocus.com/bid/99360	vdb-entryx_refsource_BID

Impacted products

1 product

Vendor	Product	Version
dell	Dell	Affected: Precision Tower 5810 with nvidia graphic cards. PPO Policy Processing Engine - FileVersion : 3.5.5.0 ati.dll ( PPO Monitoring Plugin ) - FileVersion : 3.5.5.0

Date Public ?

2017-06-30 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:02:07.816Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0247"
          },
          {
            "name": "99360",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99360"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Dell",
          "vendor": "dell",
          "versions": [
            {
              "status": "affected",
              "version": "Precision Tower 5810 with nvidia graphic cards. PPO Policy Processing Engine - FileVersion : 3.5.5.0 ati.dll ( PPO Monitoring Plugin ) - FileVersion : 3.5.5.0"
            }
          ]
        }
      ],
      "datePublic": "2017-06-30T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An exploitable dll hijacking vulnerability exists in the poaService.exe service component of the Dell Precision Optimizer software version 3.5.5.0. A specifically named malicious dll file located in one of directories pointed to by the PATH environment variable will lead to privilege escalation. An attacker with local access to vulnerable system can exploit this vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "dll hijiacking",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-25T09:57:01.000Z",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0247"
        },
        {
          "name": "99360",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99360"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "DATE_PUBLIC": "2017-06-30T00:00:00",
          "ID": "CVE-2017-2802",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Dell",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Precision Tower 5810 with nvidia graphic cards. PPO Policy Processing Engine - FileVersion : 3.5.5.0 ati.dll ( PPO Monitoring Plugin ) - FileVersion : 3.5.5.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "dell"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An exploitable dll hijacking vulnerability exists in the poaService.exe service component of the Dell Precision Optimizer software version 3.5.5.0. A specifically named malicious dll file located in one of directories pointed to by the PATH environment variable will lead to privilege escalation. An attacker with local access to vulnerable system can exploit this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "dll hijiacking"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0247",
              "refsource": "MISC",
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0247"
            },
            {
              "name": "99360",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99360"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2017-2802",
    "datePublished": "2018-04-24T19:00:00.000Z",
    "dateReserved": "2016-12-01T00:00:00.000Z",
    "dateUpdated": "2024-09-17T03:59:10.409Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2017-2802",
      "date": "2026-05-12",
      "epss": "0.00218",
      "percentile": "0.441"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-2802\",\"sourceIdentifier\":\"talos-cna@cisco.com\",\"published\":\"2018-04-24T19:29:01.987\",\"lastModified\":\"2024-11-21T03:24:10.907\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An exploitable dll hijacking vulnerability exists in the poaService.exe service component of the Dell Precision Optimizer software version 3.5.5.0. A specifically named malicious dll file located in one of directories pointed to by the PATH environment variable will lead to privilege escalation. An attacker with local access to vulnerable system can exploit this vulnerability.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad explotable de secuestro de DLL en el componente del servicio poaService.exe del software Dell Precision Optimizer 3.5.5.0. Un archivo DLL malicioso nombrado de forma espec\u00edfica ubicado en uno de los directorios a los que se\u00f1ala la variable del entorno PATH conducir\u00e1 a un escalado de privilegios. Un atacante con acceso local al sistema vulnerable puede explotar esta vulnerabilidad.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-426\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:precision_optimizer:3.5.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D871C670-6995-4348-9430-66B277F4DEB7\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/99360\",\"source\":\"talos-cna@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0247\",\"source\":\"talos-cna@cisco.com\",\"tags\":[\"Exploit\",\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/99360\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0247\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Technical Description\",\"Third Party Advisory\"]}]}}"
  }
}

GHSA-62QH-J3W2-PGRJ

Vulnerability from github – Published: 2022-05-14 03:18 – Updated: 2022-05-14 03:18

Details

Severity ?

7.8 (High)


                  
                    CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-2802"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-426"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-04-24T19:29:00Z",
    "severity": "HIGH"
  },
  "details": "An exploitable dll hijacking vulnerability exists in the poaService.exe service component of the Dell Precision Optimizer software version 3.5.5.0. A specifically named malicious dll file located in one of directories pointed to by the PATH environment variable will lead to privilege escalation. An attacker with local access to vulnerable system can exploit this vulnerability.",
  "id": "GHSA-62qh-j3w2-pgrj",
  "modified": "2022-05-14T03:18:33Z",
  "published": "2022-05-14T03:18:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2802"
    },
    {
      "type": "WEB",
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0247"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/99360"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

VAR-201804-0552

Vulnerability from variot - Updated: 2024-11-23 22:41

An exploitable dll hijacking vulnerability exists in the poaService.exe service component of the Dell Precision Optimizer software version 3.5.5.0. A specifically named malicious dll file located in one of directories pointed to by the PATH environment variable will lead to privilege escalation. An attacker with local access to vulnerable system can exploit this vulnerability. Dell Precision Optimizer The software contains an unreliable search path vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Dell is a company based in Round Rock, Texas, USA. A number of Dell products have security bypass vulnerabilities. A privilege escalation vulnerability. 2. The tool supports automatic adjustment of system settings such as Intel Hyper-Threading, number of CPU cores, processor priority, graphics card, and power supply

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201804-0552",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "precision optimizer",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "dell",
        "version": "3.5.5.0"
      },
      {
        "model": "precision tower",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "dell",
        "version": "5810"
      },
      {
        "model": "invincea-x",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "dell",
        "version": "6.1.3-24058"
      },
      {
        "model": "invincea dell protected workspace",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "dell",
        "version": "5.1.1-22303"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-21750"
      },
      {
        "db": "BID",
        "id": "99360"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013398"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-081"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2802"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:dell:precision_optimizer",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013398"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Marcin ???Icewall??? Noga of Cisco Talos.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-081"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2017-2802",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2017-2802",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2017-21750",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-111005",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2017-2802",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-2802",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-2802",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-21750",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201707-081",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-111005",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-21750"
      },
      {
        "db": "VULHUB",
        "id": "VHN-111005"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013398"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-081"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2802"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An exploitable dll hijacking vulnerability exists in the poaService.exe service component of the Dell Precision Optimizer software version 3.5.5.0. A specifically named malicious dll file located in one of directories pointed to by the PATH environment variable will lead to privilege escalation. An attacker with local access to vulnerable system can exploit this vulnerability. Dell Precision Optimizer The software contains an unreliable search path vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Dell is a company based in Round Rock, Texas, USA. A number of Dell products have security bypass vulnerabilities. A privilege escalation vulnerability. \n2. The tool supports automatic adjustment of system settings such as Intel Hyper-Threading, number of CPU cores, processor priority, graphics card, and power supply",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-2802"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013398"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-21750"
      },
      {
        "db": "BID",
        "id": "99360"
      },
      {
        "db": "VULHUB",
        "id": "VHN-111005"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-2802",
        "trust": 3.4
      },
      {
        "db": "TALOS",
        "id": "TALOS-2016-0247",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "99360",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013398",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-081",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-21750",
        "trust": 0.6
      },
      {
        "db": "TALOS",
        "id": "TALOS-2016-0246",
        "trust": 0.3
      },
      {
        "db": "TALOS",
        "id": "TALOS-2016-0256",
        "trust": 0.3
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-96480",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-111005",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-21750"
      },
      {
        "db": "VULHUB",
        "id": "VHN-111005"
      },
      {
        "db": "BID",
        "id": "99360"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013398"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-081"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2802"
      }
    ]
  },
  "id": "VAR-201804-0552",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-21750"
      },
      {
        "db": "VULHUB",
        "id": "VHN-111005"
      }
    ],
    "trust": 1.575
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-21750"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:41:53.082000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
        "trust": 0.8,
        "url": "https://www.dell.com/ja-jp"
      },
      {
        "title": "Patches for multiple Dell product security bypass vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/100438"
      },
      {
        "title": "Dell Precision Optimizer Software Fixes for permission permissions and access control vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71418"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-21750"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013398"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-081"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-426",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-111005"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013398"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2802"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2016-0247"
      },
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/99360"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2802"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2802"
      },
      {
        "trust": 0.3,
        "url": "http://dell.com"
      },
      {
        "trust": 0.3,
        "url": "https://www.talosintelligence.com/reports/talos-2016-0247"
      },
      {
        "trust": 0.3,
        "url": "https://www.talosintelligence.com/reports/talos-2016-0246"
      },
      {
        "trust": 0.3,
        "url": "https://www.talosintelligence.com/reports/talos-2016-0256"
      },
      {
        "trust": 0.3,
        "url": "http://blog.talosintelligence.com/2017/06/vulnerability-spotlight-dell-precision.html"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-21750"
      },
      {
        "db": "VULHUB",
        "id": "VHN-111005"
      },
      {
        "db": "BID",
        "id": "99360"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013398"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-081"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2802"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-21750"
      },
      {
        "db": "VULHUB",
        "id": "VHN-111005"
      },
      {
        "db": "BID",
        "id": "99360"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013398"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-081"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2802"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-21750"
      },
      {
        "date": "2018-04-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-111005"
      },
      {
        "date": "2017-06-30T00:00:00",
        "db": "BID",
        "id": "99360"
      },
      {
        "date": "2018-07-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-013398"
      },
      {
        "date": "2017-06-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201707-081"
      },
      {
        "date": "2018-04-24T19:29:01.987000",
        "db": "NVD",
        "id": "CVE-2017-2802"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-21750"
      },
      {
        "date": "2018-06-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-111005"
      },
      {
        "date": "2017-06-30T00:00:00",
        "db": "BID",
        "id": "99360"
      },
      {
        "date": "2018-07-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-013398"
      },
      {
        "date": "2018-12-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201707-081"
      },
      {
        "date": "2024-11-21T03:24:10.907000",
        "db": "NVD",
        "id": "CVE-2017-2802"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-081"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell Precision Optimizer Software unreliable search path vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013398"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-081"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2017-21750

Vulnerability from cnvd - Published: 2017-08-18

Title

多款Dell产品安全绕过漏洞

Description

Dell是一家总部位于美国德克萨斯州朗德罗克企业。多款Dell产品存在安全绕过漏洞。攻击者可以利用漏洞绕过身份验证机制并获得未经授权的访问权限。

Severity

中

Patch Name

多款Dell产品安全绕过漏洞的补丁

Patch Description

Dell是一家总部位于美国德克萨斯州朗德罗克企业。多款Dell产品存在安全绕过漏洞。攻击者可以利用漏洞绕过身份验证机制并获得未经授权的访问权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下供应商提供的安全公告获得补丁信息： http://blog.talosintelligence.com/2017/06/vulnerability-spotlight-dell-precision.html

Reference

http://www.securityfocus.com/bid/99360

Impacted products

Name
['DELL Precision Tower 5810', 'DELL Invincea-X 6.1.3-24058', 'DELL Invincea Dell Protected Workspace 5.1.1-22303']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "99360"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-2802"
    }
  },
  "description": "Dell\u662f\u4e00\u5bb6\u603b\u90e8\u4f4d\u4e8e\u7f8e\u56fd\u5fb7\u514b\u8428\u65af\u5dde\u6717\u5fb7\u7f57\u514b\u4f01\u4e1a\u3002\r\n\r\n\u591a\u6b3eDell\u4ea7\u54c1\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u7ed5\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u673a\u5236\u5e76\u83b7\u5f97\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u6743\u9650\u3002",
  "discovererName": "Marcin \u00e2??Icewall\u00e2?? Noga of Cisco Talos.",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://blog.talosintelligence.com/2017/06/vulnerability-spotlight-dell-precision.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-21750",
  "openTime": "2017-08-18",
  "patchDescription": "Dell\u662f\u4e00\u5bb6\u603b\u90e8\u4f4d\u4e8e\u7f8e\u56fd\u5fb7\u514b\u8428\u65af\u5dde\u6717\u5fb7\u7f57\u514b\u4f01\u4e1a\u3002\r\n\r\n\u591a\u6b3eDell\u4ea7\u54c1\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u7ed5\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u673a\u5236\u5e76\u83b7\u5f97\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eDell\u4ea7\u54c1\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "DELL Precision Tower 5810",
      "DELL  Invincea-X  6.1.3-24058",
      "DELL  Invincea Dell Protected Workspace 5.1.1-22303"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/99360",
  "serverity": "\u4e2d",
  "submitTime": "2017-07-05",
  "title": "\u591a\u6b3eDell\u4ea7\u54c1\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

FKIE_CVE-2017-2802

Vulnerability from fkie_nvd - Published: 2018-04-24 19:29 - Updated: 2024-11-21 03:24

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
talos-cna@cisco.com	http://www.securityfocus.com/bid/99360	Third Party Advisory, VDB Entry
talos-cna@cisco.com	https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0247	Exploit, Technical Description, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/99360	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0247	Exploit, Technical Description, Third Party Advisory

Impacted products

	Vendor	Product	Version
	dell	precision_optimizer	3.5.5.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dell:precision_optimizer:3.5.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D871C670-6995-4348-9430-66B277F4DEB7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An exploitable dll hijacking vulnerability exists in the poaService.exe service component of the Dell Precision Optimizer software version 3.5.5.0. A specifically named malicious dll file located in one of directories pointed to by the PATH environment variable will lead to privilege escalation. An attacker with local access to vulnerable system can exploit this vulnerability."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad explotable de secuestro de DLL en el componente del servicio poaService.exe del software Dell Precision Optimizer 3.5.5.0. Un archivo DLL malicioso nombrado de forma espec\u00edfica ubicado en uno de los directorios a los que se\u00f1ala la variable del entorno PATH conducir\u00e1 a un escalado de privilegios. Un atacante con acceso local al sistema vulnerable puede explotar esta vulnerabilidad."
    }
  ],
  "id": "CVE-2017-2802",
  "lastModified": "2024-11-21T03:24:10.907",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-24T19:29:01.987",
  "references": [
    {
      "source": "talos-cna@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99360"
    },
    {
      "source": "talos-cna@cisco.com",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0247"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99360"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0247"
    }
  ],
  "sourceIdentifier": "talos-cna@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-426"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2017-2802

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-2802

Aliases

CVE-2017-2802

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-2802",
    "description": "An exploitable dll hijacking vulnerability exists in the poaService.exe service component of the Dell Precision Optimizer software version 3.5.5.0. A specifically named malicious dll file located in one of directories pointed to by the PATH environment variable will lead to privilege escalation. An attacker with local access to vulnerable system can exploit this vulnerability.",
    "id": "GSD-2017-2802"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-2802"
      ],
      "details": "An exploitable dll hijacking vulnerability exists in the poaService.exe service component of the Dell Precision Optimizer software version 3.5.5.0. A specifically named malicious dll file located in one of directories pointed to by the PATH environment variable will lead to privilege escalation. An attacker with local access to vulnerable system can exploit this vulnerability.",
      "id": "GSD-2017-2802",
      "modified": "2023-12-13T01:21:05.757514Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "talos-cna@cisco.com",
        "DATE_PUBLIC": "2017-06-30T00:00:00",
        "ID": "CVE-2017-2802",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Dell",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Precision Tower 5810 with nvidia graphic cards. PPO Policy Processing Engine - FileVersion : 3.5.5.0 ati.dll ( PPO Monitoring Plugin ) - FileVersion : 3.5.5.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "dell"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An exploitable dll hijacking vulnerability exists in the poaService.exe service component of the Dell Precision Optimizer software version 3.5.5.0. A specifically named malicious dll file located in one of directories pointed to by the PATH environment variable will lead to privilege escalation. An attacker with local access to vulnerable system can exploit this vulnerability."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "dll hijiacking"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0247",
            "refsource": "MISC",
            "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0247"
          },
          {
            "name": "99360",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/99360"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:dell:precision_optimizer:3.5.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "ID": "CVE-2017-2802"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An exploitable dll hijacking vulnerability exists in the poaService.exe service component of the Dell Precision Optimizer software version 3.5.5.0. A specifically named malicious dll file located in one of directories pointed to by the PATH environment variable will lead to privilege escalation. An attacker with local access to vulnerable system can exploit this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-426"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0247",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Technical Description",
                "Third Party Advisory"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0247"
            },
            {
              "name": "99360",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/99360"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2018-06-13T17:02Z",
      "publishedDate": "2018-04-24T19:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-2802 (GCVE-0-2017-2802)

GHSA-62QH-J3W2-PGRJ

VAR-201804-0552

CNVD-2017-21750

FKIE_CVE-2017-2802

GSD-2017-2802

Tags

Sightings

Nomenclature