Schneider Electric Pelco VideoXpert Core Admin Portal Directory Traversal

Title: Schneider Electric Pelco VideoXpert Core Admin Portal Directory Traversal
Advisory ID: ZSL-2017-5419
Type: Local/Remote
Impact: Exposure of System Information, Exposure of Sensitive Information
Risk: (4/5)
Release Date: 10.07.2017
Summary
VideoXpert is a video management solution designed for scalability, fitting the needs surveillance operations of any size. VideoXpert Ultimate can also aggregate other VideoXpert systems, tying multiple video management systems into a single interface.
Description
Pelco VideoXpert suffers from a directory traversal vulnerability. Exploiting this issue will allow an unauthenticated attacker to view arbitrary files within the context of the web server.
Vendor
Schneider Electric SE - https://www.pelco.com
Affected Version
2.0.41
1.14.7
1.12.105
Tested On
Microsoft Windows 7 Professional SP1 (EN)
Vendor Status
[05.04.2017] Vulnerabilities discovered.
[28.04.2017] Vendor contacted.
[09.07.2017] No response from the vendor.
[10.07.2017] Public security advisory released.
PoC
pelcovideoxpert_fd.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] https://www.exploit-db.com/exploits/42311/
[2] https://cxsecurity.com/issue/WLB-2017070077
[3] https://packetstormsecurity.com/files/143317
[4] https://exchange.xforce.ibmcloud.com/vulnerabilities/129663
Changelog
[10.07.2017] - Initial release
[01.08.2017] - Added reference [1], [2] and [3]
[07.08.2017] - Added reference [4]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk