CVE-2020-9045

Published: May 21, 2020Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

During installation or upgrade to Software House C•CURE 9000 v2.70 and American Dynamics victor Video Management System v5.2, the credentials of the user used to perform the installation or upgrade are logged in a file. The install log file persists after the installation.

Affected (2)

Products: Johnsoncontrols: C Cure 9000 Firmware · Tyco: Victor Video Management System

Johnsoncontrols

1 product

C Cure 9000 Firmware

1 product

Victor Video Management System

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Johnsoncontrols C Cure 9000 Firmware	Version 2.70
Tyco Victor Video Management System	Version 5.2

Related CWEs

Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References (4)

https://www.johnsoncontrols.com/cyber-solutions/security-advisories

Source: productsecurity@jci.com

PatchVendor Advisory

https://www.us-cert.gov/ics/advisories/ICSA-20-142-01

Source: productsecurity@jci.com

Third Party AdvisoryUS Government Resource

https://www.johnsoncontrols.com/cyber-solutions/security-advisories

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://www.us-cert.gov/ics/advisories/ICSA-20-142-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.