CVE-2017-5170
Last modified
CVE-2017-5170 is a vulnerability of currently unknown severity. An Uncontrolled Search Path Element issue was discovered in Moxa SoftNVR-IA Live Viewer, Version 3.30.3122 and prior versions. An uncontrolled search path element (DLL Hijacking) vulnerability has been identified. EPSS estimates a 1.51% chance of exploitation in the next 30 days.
Description
An Uncontrolled Search Path Element issue was discovered in Moxa SoftNVR-IA Live Viewer, Version 3.30.3122 and prior versions. An uncontrolled search path element (DLL Hijacking) vulnerability has been identified. To exploit this vulnerability, an attacker could rename a malicious DLL to meet the criteria of the application, and the application would not verify that the DLL is correct. The attacker needs to have administrative access to the default install location in order to plant the insecure DLL. Once loaded by the application, the DLL could run malicious code at the privilege level of the application.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Moxa | Softnvr-Ia Live View | <= 3.3 |
References
- http://www.securityfocus.com/bid/100208Third Party Advisory, VDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-17-220-02Mitigation, Third Party Advisory, US Government Resource
- http://www.securityfocus.com/bid/100208Third Party Advisory, VDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-17-220-02Mitigation, Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-5170?
How severe is CVE-2017-5170?
How do I fix CVE-2017-5170?
Are you affected by CVE-2017-5170?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST