CVE-2020-9048

Опубликовано: 08 окт. 2020

Источник: nvd

CVSS3: 7.1

CVSS3: 8.1

CVSS2: 7.8

EPSS Низкий

Описание

A vulnerability in specified versions of American Dynamics victor Web Client and Software House CCURE Web Client could allow a remote unauthenticated attacker on the network to delete arbitrary files on the system or render the system unusable by conducting a Denial of Service attack.

Ссылки

https://us-cert.cisa.gov/ics/advisories/icsa-20-282-01
Mitigation
Third Party Advisory
US Government Resource
https://www.johnsoncontrols.com/cyber-solutions/security-advisories
Patch
Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-20-282-01
Mitigation
Third Party Advisory
US Government Resource
https://www.johnsoncontrols.com/cyber-solutions/security-advisories
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:johnsoncontrols:victor_web_client:*:*:*:*:*:*:*:*

Версия до 5.4.1 (включая)

cpe:2.3:a:tyco:c-cure_web_client:*:*:*:*:*:*:*:*

Версия до 2.80 (включая)

EPSS

Процентиль: 76%

0.00977

Низкий

7.1 High

CVSS3

8.1 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-285

CWE-732

Связанные уязвимости

GHSA-9c36-q7xc-rp9j

CVSS3: 8.1

github

больше 3 лет назад

A vulnerability in victor Web Client versions up to and including v5.4.1 could allow a remote unauthenticated attacker to delete arbitrary files on the system or render the system unusable by conducting a Denial of Service attack.

EPSS

Процентиль: 76%

0.00977

Низкий

7.1 High

CVSS3

8.1 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-285

CWE-732