VAR-201804-0552
Vulnerability from variot - Updated: 2024-11-23 22:41An exploitable dll hijacking vulnerability exists in the poaService.exe service component of the Dell Precision Optimizer software version 3.5.5.0. A specifically named malicious dll file located in one of directories pointed to by the PATH environment variable will lead to privilege escalation. An attacker with local access to vulnerable system can exploit this vulnerability. Dell Precision Optimizer The software contains an unreliable search path vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Dell is a company based in Round Rock, Texas, USA. A number of Dell products have security bypass vulnerabilities. A privilege escalation vulnerability. 2. The tool supports automatic adjustment of system settings such as Intel Hyper-Threading, number of CPU cores, processor priority, graphics card, and power supply
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-0552",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "precision optimizer",
"scope": "eq",
"trust": 2.4,
"vendor": "dell",
"version": "3.5.5.0"
},
{
"model": "precision tower",
"scope": "eq",
"trust": 0.9,
"vendor": "dell",
"version": "5810"
},
{
"model": "invincea-x",
"scope": "eq",
"trust": 0.9,
"vendor": "dell",
"version": "6.1.3-24058"
},
{
"model": "invincea dell protected workspace",
"scope": "eq",
"trust": 0.9,
"vendor": "dell",
"version": "5.1.1-22303"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-21750"
},
{
"db": "BID",
"id": "99360"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013398"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-081"
},
{
"db": "NVD",
"id": "CVE-2017-2802"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:dell:precision_optimizer",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013398"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Marcin ???Icewall??? Noga of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-081"
}
],
"trust": 0.6
},
"cve": "CVE-2017-2802",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-2802",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-21750",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-111005",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2017-2802",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-2802",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-2802",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-21750",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-081",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-111005",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-21750"
},
{
"db": "VULHUB",
"id": "VHN-111005"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013398"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-081"
},
{
"db": "NVD",
"id": "CVE-2017-2802"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable dll hijacking vulnerability exists in the poaService.exe service component of the Dell Precision Optimizer software version 3.5.5.0. A specifically named malicious dll file located in one of directories pointed to by the PATH environment variable will lead to privilege escalation. An attacker with local access to vulnerable system can exploit this vulnerability. Dell Precision Optimizer The software contains an unreliable search path vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Dell is a company based in Round Rock, Texas, USA. A number of Dell products have security bypass vulnerabilities. A privilege escalation vulnerability. \n2. The tool supports automatic adjustment of system settings such as Intel Hyper-Threading, number of CPU cores, processor priority, graphics card, and power supply",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2802"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013398"
},
{
"db": "CNVD",
"id": "CNVD-2017-21750"
},
{
"db": "BID",
"id": "99360"
},
{
"db": "VULHUB",
"id": "VHN-111005"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-2802",
"trust": 3.4
},
{
"db": "TALOS",
"id": "TALOS-2016-0247",
"trust": 2.8
},
{
"db": "BID",
"id": "99360",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013398",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201707-081",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-21750",
"trust": 0.6
},
{
"db": "TALOS",
"id": "TALOS-2016-0246",
"trust": 0.3
},
{
"db": "TALOS",
"id": "TALOS-2016-0256",
"trust": 0.3
},
{
"db": "SEEBUG",
"id": "SSVID-96480",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-111005",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-21750"
},
{
"db": "VULHUB",
"id": "VHN-111005"
},
{
"db": "BID",
"id": "99360"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013398"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-081"
},
{
"db": "NVD",
"id": "CVE-2017-2802"
}
]
},
"id": "VAR-201804-0552",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-21750"
},
{
"db": "VULHUB",
"id": "VHN-111005"
}
],
"trust": 1.575
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-21750"
}
]
},
"last_update_date": "2024-11-23T22:41:53.082000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "https://www.dell.com/ja-jp"
},
{
"title": "Patches for multiple Dell product security bypass vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/100438"
},
{
"title": "Dell Precision Optimizer Software Fixes for permission permissions and access control vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71418"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-21750"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013398"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-081"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-426",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-111005"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013398"
},
{
"db": "NVD",
"id": "CVE-2017-2802"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2016-0247"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/99360"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2802"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2802"
},
{
"trust": 0.3,
"url": "http://dell.com"
},
{
"trust": 0.3,
"url": "https://www.talosintelligence.com/reports/talos-2016-0247"
},
{
"trust": 0.3,
"url": "https://www.talosintelligence.com/reports/talos-2016-0246"
},
{
"trust": 0.3,
"url": "https://www.talosintelligence.com/reports/talos-2016-0256"
},
{
"trust": 0.3,
"url": "http://blog.talosintelligence.com/2017/06/vulnerability-spotlight-dell-precision.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-21750"
},
{
"db": "VULHUB",
"id": "VHN-111005"
},
{
"db": "BID",
"id": "99360"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013398"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-081"
},
{
"db": "NVD",
"id": "CVE-2017-2802"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-21750"
},
{
"db": "VULHUB",
"id": "VHN-111005"
},
{
"db": "BID",
"id": "99360"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013398"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-081"
},
{
"db": "NVD",
"id": "CVE-2017-2802"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-21750"
},
{
"date": "2018-04-24T00:00:00",
"db": "VULHUB",
"id": "VHN-111005"
},
{
"date": "2017-06-30T00:00:00",
"db": "BID",
"id": "99360"
},
{
"date": "2018-07-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013398"
},
{
"date": "2017-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-081"
},
{
"date": "2018-04-24T19:29:01.987000",
"db": "NVD",
"id": "CVE-2017-2802"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-21750"
},
{
"date": "2018-06-13T00:00:00",
"db": "VULHUB",
"id": "VHN-111005"
},
{
"date": "2017-06-30T00:00:00",
"db": "BID",
"id": "99360"
},
{
"date": "2018-07-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013398"
},
{
"date": "2018-12-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-081"
},
{
"date": "2024-11-21T03:24:10.907000",
"db": "NVD",
"id": "CVE-2017-2802"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-081"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell Precision Optimizer Software unreliable search path vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013398"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-081"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…