CVE-2019-7589

Опубликовано: 10 мар. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

A vulnerability with the SmartService API Service option exists whereby an unauthorized user could potentially exploit this to upload malicious code to the server that could be executed at system level privileges. This affects Johnson Controls' Kantech EntraPass Corporate Edition versions 8.0 and prior; Kantech EntraPass Global Edition versions 8.0 and prior.

Ссылки

https://www.johnsoncontrols.com/cyber-solutions/security-advisories
Vendor Advisory
https://www.us-cert.gov/ics/advisories/icsa-20-070-04
Third Party Advisory
US Government Resource
https://www.johnsoncontrols.com/cyber-solutions/security-advisories
Vendor Advisory
https://www.us-cert.gov/ics/advisories/icsa-20-070-04
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:johnsoncontrols:entrapass:*:*:*:*:corporate:*:*:*

Версия до 8.10 (исключая)

cpe:2.3:a:johnsoncontrols:entrapass:*:*:*:*:global:*:*:*

Версия до 8.10 (исключая)

EPSS

Процентиль: 50%

0.00268

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-pr7r-78gh-g536

github

больше 3 лет назад