CVE-2020-9045 CRITICAL

CVE-2020-9045: C•CURE 9000 and victor Video Management System - Cleartext storage of user credentials upon installation or upgrade of software.

Vendor Johnson Controls
Product Software House C•CURE 9000 v2.70
Weakness CWE-312 · Cleartext storage
Published May 21, 2020
Last update August 4, 2024

CVSS base score

9.9/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

During installation or upgrade to Software House C•CURE 9000 v2.70 and American Dynamics victor Video Management System v5.2, the credentials of the user used to perform the installation or upgrade are logged in a file. The install log file persists after the installation.

Key dates

02Disclosure timeline

May 21, 2020 CVE published
August 4, 2024 Record updated