History: Mar 10, 2020 - 7:32 p.m.

CVE-2019-7589 Kantech EntraPass Improper Input Validation

2020-03-10 19:32:39
CWE-20
jci
www.cve.org

CVSS3: 9.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.4 High (Confidence: High)

EPSS: 0.002 Low (Percentile: 61.7%)

A vulnerability with the SmartService API Service option exists whereby an unauthorized user could potentially exploit this to upload malicious code to the server that could be executed at system level privileges. This affects Johnson Controls’ Kantech EntraPass Corporate Edition versions 8.0 and prior; Kantech EntraPass Global Edition versions 8.0 and prior.

CNA Affected

[
  {
    "product": "Kantech EntraPass Corporate Edition",
    "vendor": "Johnson Controls",
    "versions": [
      {
        "status": "affected",
        "version": "versions 8.0 and prior"
      }
    ]
  },
  {
    "product": "Kantech EntraPass Global Edition",
    "vendor": "Johnson Controls",
    "versions": [
      {
        "status": "affected",
        "version": "versions 8.0 and prior"
      }
    ]
  }
]
