Vulnerability in Johnson Controls American Dynamics Victor Video Management System V5.2
CVE-2020-9045
During installation or upgrade to Software House C•CURE 9000 v2.70 and American Dynamics victor Video Management System v5.2, the credentials of the user used to perform the installation or upgrade are logged in a file. The install log fil…
EPSS: 0.010 (58.1th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 9.9 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.
Affected products
- Johnson Controls American Dynamics Victor Video Management System V5.2 — versions 5.2
- Johnson Controls Software House C•cure 9000 V2.70 — versions 2.70
- Johnsoncontrols C-cure_9000_firmware — versions 2.70
- Tyco Victor_video_management_system — versions 5.2
Weakness classification (CWE)
Public proof-of-concept exploits
References
- productsecurity@jci.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
- productsecurity@jci.com (US Government Resource, Third Party Advisory, x_refsource_CERT, third-party-advisory)
Frequently asked questions
- What is CVE-2020-9045?
- CVE-2020-9045 is a critical-severity vulnerability in Johnson Controls American Dynamics Victor Video Management System V5.2, classified under Cleartext Storage of Sensitive Information. CVSS score: 9.9/10. Published 2020-05-21.
- How severe is CVE-2020-9045?
- Critical severity. CVSS v3 base score is 9.9 out of 10.
- Is CVE-2020-9045 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.