CVE-2020-9049 Information
Jun 07, 2022
cve
Description
A vulnerability in specified versions of American Dynamics victor Web Client and Software House C•CURE Web Client could allow an unauthenticated attacker on the network to create and sign their own JSON Web Token and use it to execute an HTTP API Method without the need for valid authentication/authorization. Under certain circumstances this could be used by an attacker to impact system availability by conducting a Denial of Service attack.
CVSS Vector
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Reference
https://www.johnsoncontrols.com/cyber-solutions/security-advisories
https://us-cert.cisa.gov/ics/advisories/icsa-20-324-01
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
Base Score
5.3
Base Severity
MEDIUM