{"containers":{"cna":{"affected":[{"product":"Kantech EntraPass Security Management Software Special Edition versions 8.22 and prior","vendor":"Johnson Controls","versions":[{"lessThanOrEqual":"8.22","status":"affected","version":"unspecified","versionType":"custom"}]},{"product":"Kantech EntraPass Security Management Software Corporate Edition versions 8.22 and prior","vendor":"Johnson Controls","versions":[{"lessThanOrEqual":"8.22","status":"affected","version":"unspecified","versionType":"custom"}]},{"product":"Kantech EntraPass Security Management Software Global Edition versions 8.22 and prior","vendor":"Johnson Controls","versions":[{"lessThanOrEqual":"8.22","status":"affected","version":"unspecified","versionType":"custom"}]}],"descriptions":[{"lang":"en","value":"A vulnerability in all versions of Kantech EntraPass Editions could potentially allow an authorized low-privileged user to gain full system-level privileges by replacing critical files with specifically crafted files."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-284","description":"CWE-284 : Access Control (Authorization) Issues","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2020-05-26T20:05:08.000Z","orgId":"7281d04a-a537-43df-bfb4-fa4110af9d01","shortName":"jci"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://www.johnsoncontrols.com/cyber-solutions/security-advisories"},{"name":"ICS-CERT Advisory","tags":["third-party-advisory","x_refsource_CERT"],"url":"https://www.us-cert.gov/ics/advisories/ICSA-20-147-02"}],"solutions":[{"lang":"en","value":"Upgrade all Kantech EntraPass Editions to version 8.23.\n\nRegistered users can obtain the critical software update by downloading the zip file from the Software Downloads location at https://kantech.com/Support/SoftwareDownloads.aspx."}],"source":{"discovery":"EXTERNAL"},"title":"Kantech EntraPass Security Management Software - System Permissions Vulnerability","x_generator":{"engine":"Vulnogram 0.0.9"},"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"productsecurity@jci.com","ID":"CVE-2020-9046","STATE":"PUBLIC","TITLE":"Kantech EntraPass Security Management Software - System Permissions Vulnerability"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Kantech EntraPass Security Management Software Special Edition versions 8.22 and prior","version":{"version_data":[{"version_affected":"<=","version_value":"8.22"}]}},{"product_name":"Kantech EntraPass Security Management Software Corporate Edition versions 8.22 and prior","version":{"version_data":[{"version_affected":"<=","version_value":"8.22"}]}},{"product_name":"Kantech EntraPass Security Management Software Global Edition versions 8.22 and prior","version":{"version_data":[{"version_affected":"<=","version_value":"8.22"}]}}]},"vendor_name":"Johnson Controls"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A vulnerability in all versions of Kantech EntraPass Editions could potentially allow an authorized low-privileged user to gain full system-level privileges by replacing critical files with specifically crafted files."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-284 : Access Control (Authorization) Issues"}]}]},"references":{"reference_data":[{"name":"https://www.johnsoncontrols.com/cyber-solutions/security-advisories","refsource":"CONFIRM","url":"https://www.johnsoncontrols.com/cyber-solutions/security-advisories"},{"name":"ICS-CERT Advisory","refsource":"CERT","url":"https://www.us-cert.gov/ics/advisories/ICSA-20-147-02"}]},"solution":[{"lang":"en","value":"Upgrade all Kantech EntraPass Editions to version 8.23.\n\nRegistered users can obtain the critical software update by downloading the zip file from the Software Downloads location at https://kantech.com/Support/SoftwareDownloads.aspx."}],"source":{"discovery":"EXTERNAL"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T10:19:19.774Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://www.johnsoncontrols.com/cyber-solutions/security-advisories"},{"name":"ICS-CERT Advisory","tags":["third-party-advisory","x_refsource_CERT","x_transferred"],"url":"https://www.us-cert.gov/ics/advisories/ICSA-20-147-02"}]}]},"cveMetadata":{"assignerOrgId":"7281d04a-a537-43df-bfb4-fa4110af9d01","assignerShortName":"jci","cveId":"CVE-2020-9046","datePublished":"2020-05-26T20:05:08.000Z","dateReserved":"2020-02-18T00:00:00.000Z","dateUpdated":"2024-08-04T10:19:19.774Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}