CVE-2020-9045 Vulnerability Details

  /     /     /  

CVE-2020-9045 Metadata Quick Info

CVE Published: 21/05/2020 | CVE Updated: 04/08/2024 | CVE Year: 2020
Source: jci | Vendor: Johnson Controls | Product: Software House C•CURE 9000 v2.70
Status : PUBLISHED

CVE-2020-9045 Description

During installation or upgrade to Software House C•CURE 9000 v2.70 and American Dynamics victor Video Management System v5.2, the credentials of the user used to perform the installation or upgrade are logged in a file. The install log file persists after the installation.

Metrics

CVSS Version: 3.1 | Base Score: 9.9 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* LOW
    User Interaction (UI)* NONE
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* HIGH
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-312
CWE Name: CWE-312 - Cleartext Storage of Sensitive Information
Source: Johnson Controls

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description: