CVE-2017-2802

{"id": "CVE-2017-2802", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2018-04-24T19:29:01.987", "references": [{"url": "http://www.securityfocus.com/bid/99360", "tags": ["Third Party Advisory", "VDB Entry"], "source": "talos-cna@cisco.com"}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0247", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "source": "talos-cna@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-426"}]}], "descriptions": [{"lang": "en", "value": "An exploitable dll hijacking vulnerability exists in the poaService.exe service component of the Dell Precision Optimizer software version 3.5.5.0. A specifically named malicious dll file located in one of directories pointed to by the PATH environment variable will lead to privilege escalation. An attacker with local access to vulnerable system can exploit this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad explotable de secuestro de DLL en el componente del servicio poaService.exe del software Dell Precision Optimizer 3.5.5.0. Un archivo DLL malicioso nombrado de forma espec\u00edfica ubicado en uno de los directorios a los que se\u00f1ala la variable del entorno PATH conducir\u00e1 a un escalado de privilegios. Un atacante con acceso local al sistema vulnerable puede explotar esta vulnerabilidad."}], "lastModified": "2018-06-13T17:02:21.650", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:precision_optimizer:3.5.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D871C670-6995-4348-9430-66B277F4DEB7"}], "operator": "OR"}]}], "sourceIdentifier": "talos-cna@cisco.com"}