MidnightBSD

Advisories for tyco

CVE-2020-9045 MEDIUM

During installation or upgrade to Software House C•CURE 9000 v2.70 and American Dynamics victor Video Management System v5.2, the credentials of the user used to perform the installation or upgrade are logged in a file. The install log file persists after the installation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
productsecurity@jci.com 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 3.1 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-312,CWE-312,

Products Affected

Vendor Product Version
tyco victor_video_management_system 5.2
johnsoncontrols c-cure_9000_firmware 2.70
CVE-2020-9048 HIGH

A vulnerability in specified versions of American Dynamics victor Web Client and Software House CCURE Web Client could allow a remote unauthenticated attacker on the network to delete arbitrary files on the system or render the system unusable by conducting a Denial of Service attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productsecurity@jci.com 7.1 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L 2.8 4.2
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 2.8 5.2

CVSS 2.0

Severity: HIGH

Problem Type: CWE-285,CWE-732,

Products Affected

Vendor Product Version
tyco c-cure_web_client *
johnsoncontrols victor_web_client *