Vulnerability CVE-2017-5170


Published: 2018-01-18

Description:
An Uncontrolled Search Path Element issue was discovered in Moxa SoftNVR-IA Live Viewer, Version 3.30.3122 and prior versions. An uncontrolled search path element (DLL Hijacking) vulnerability has been identified. To exploit this vulnerability, an attacker could rename a malicious DLL to meet the criteria of the application, and the application would not verify that the DLL is correct. The attacker needs to have administrative access to the default install location in order to plant the insecure DLL. Once loaded by the application, the DLL could run malicious code at the privilege level of the application.

Type:

CWE-427

(Uncontrolled Search Path Element)

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.5/10
6.4/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
MOXA -> Softnvr-ia live view 

 References:
http://www.securityfocus.com/bid/100208
https://ics-cert.us-cert.gov/advisories/ICSA-17-220-02

Copyright 2022, cxsecurity.com

 

Back to Top