CVE-2020-9047 MEDIUM

CVE-2020-9047: exacqVision Software - Improper Verification of Cryptographic Signature

Vendor Johnson Controls
Product exacqVision Web Service versions 20.03.2.0 and prior
Weakness CWE-347
Published June 26, 2020
Last update August 4, 2024

CVSS base score

6.8/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction Required
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:L

What the vulnerability does

01 Description

A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. An attacker with administrative privileges could potentially download and run a malicious executable that could allow OS command injection on the system.

Key dates

02 Disclosure timeline

June 26, 2020 CVE published
August 4, 2024 Record updated