Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2020-9048
PUBLISHED
More InfoOfficial Page
Assigner-jci
Assigner Org ID-7281d04a-a537-43df-bfb4-fa4110af9d01
View Known Exploited Vulnerability (KEV) details
Published At-08 Oct, 2020 | 17:29
Updated At-16 Sep, 2024 | 18:39
Rejected At-
▼CVE Numbering Authority (CNA)
victor Web Client - Arbitrary File Deletion Vulnerability

A vulnerability in specified versions of American Dynamics victor Web Client and Software House CCURE Web Client could allow a remote unauthenticated attacker on the network to delete arbitrary files on the system or render the system unusable by conducting a Denial of Service attack.

Affected Products
Vendor
Johnson Controls
Product
victor Web Client version 5.4.1 and prior
Versions
Affected
  • From unspecified through 5.4.1 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-285CWE-285 : Improper Access Control (Authorization)
Type: CWE
CWE ID: CWE-285
Description: CWE-285 : Improper Access Control (Authorization)
Metrics
VersionBase scoreBase severityVector
3.17.1HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Upgrade all versions of victor Web Client to v5.6 Registered users can obtain the critical software update by downloading the update found here: https://www.americandynamics.net/support/SoftwareDownloads.aspx.

Configurations
Workarounds
Exploits
Credits
Joachim Kerschbaumer reported this vulnerability to Johnson Controls, Inc.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.johnsoncontrols.com/cyber-solutions/security-advisories
x_refsource_CONFIRM
https://us-cert.cisa.gov/ics/advisories/icsa-20-282-01
third-party-advisory
x_refsource_CERT
Hyperlink: https://www.johnsoncontrols.com/cyber-solutions/security-advisories
Resource:
x_refsource_CONFIRM
Hyperlink: https://us-cert.cisa.gov/ics/advisories/icsa-20-282-01
Resource:
third-party-advisory
x_refsource_CERT
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.johnsoncontrols.com/cyber-solutions/security-advisories
x_refsource_CONFIRM
x_transferred
https://us-cert.cisa.gov/ics/advisories/icsa-20-282-01
third-party-advisory
x_refsource_CERT
x_transferred
Hyperlink: https://www.johnsoncontrols.com/cyber-solutions/security-advisories
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://us-cert.cisa.gov/ics/advisories/icsa-20-282-01
Resource:
third-party-advisory
x_refsource_CERT
x_transferred
Details not found