← Retour aux CVEs
CVE-2019-7589
CRITICAL9.8
Description
A vulnerability with the SmartService API Service option exists whereby an unauthorized user could potentially exploit this to upload malicious code to the server that could be executed at system level privileges. This affects Johnson Controls' Kantech EntraPass Corporate Edition versions 8.0 and prior; Kantech EntraPass Global Edition versions 8.0 and prior.
Details CVE
Score CVSS v3.19.8
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie3/10/2020
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0
Produits affectes
johnsoncontrols:entrapass
Faiblesses (CWE)
CWE-20CWE-20
References
https://www.johnsoncontrols.com/cyber-solutions/security-advisories(productsecurity@jci.com)
https://www.us-cert.gov/ics/advisories/icsa-20-070-04(productsecurity@jci.com)
https://www.johnsoncontrols.com/cyber-solutions/security-advisories(af854a3a-2127-422b-91ae-364da2661108)
https://www.us-cert.gov/ics/advisories/icsa-20-070-04(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.