Lucene search

JciCVELIST:CVE-2020-9048

HistoryOct 08, 2020 - 5:29 p.m.

CVE-2020-9048 victor Web Client - Arbitrary File Deletion Vulnerability

2020-10-0817:29:08

CWE-285

jci

www.cve.org

vulnerability

american dynamics

software house

remote attacker

network

arbitrary files

denial of service

CVSS3

7.1

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

AI Score

8.1

Confidence

High

EPSS

0.001

Percentile

50.6%

JSON

A vulnerability in specified versions of American Dynamics victor Web Client and Software House CCURE Web Client could allow a remote unauthenticated attacker on the network to delete arbitrary files on the system or render the system unusable by conducting a Denial of Service attack.

CNA Affected

[
  {
    "product": "victor Web Client version 5.4.1 and prior",
    "vendor": "Johnson Controls",
    "versions": [
      {
        "lessThanOrEqual": "5.4.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

us-cert.cisa.gov/ics/advisories/icsa-20-282-01

www.johnsoncontrols.com/cyber-solutions/security-advisories

CVSS3

7.1

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

AI Score

8.1

Confidence

High

EPSS

0.001

Percentile

50.6%

JSON

Related for CVELIST:CVE-2020-9048