Vulnerability in Johnson Controls American Dynamics Victor Video Management System V5.2

CVE-2020-9045

During installation or upgrade to Software House C•CURE 9000 v2.70 and American Dynamics victor Video Management System v5.2, the credentials of the user used to perform the installation or upgrade are logged in a file. The install log fil…

EPSS: 0.010 (58.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.9 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2020-9045?
CVE-2020-9045 is a critical-severity vulnerability in Johnson Controls American Dynamics Victor Video Management System V5.2, classified under Cleartext Storage of Sensitive Information. CVSS score: 9.9/10. Published 2020-05-21.
How severe is CVE-2020-9045?
Critical severity. CVSS v3 base score is 9.9 out of 10.
Is CVE-2020-9045 known to be exploited?
1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.