A vulnerability with the SmartService API Service option exists whereby an unauthorized user could potentially exploit this to upload malicious code to the server that could be executed at system level privileges. This affects Johnson Controls' Kantech EntraPass Corporate Edition versions 8.0 and prior; Kantech EntraPass Global Edition versions 8.0 and prior.
References
Link | Resource |
---|---|
https://www.johnsoncontrols.com/cyber-solutions/security-advisories | Vendor Advisory |
https://www.us-cert.gov/ics/advisories/icsa-20-070-04 | Third Party Advisory US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: jci
Published: 2020-03-10T19:32:39
Updated: 2020-03-10T19:32:39
Reserved: 2019-02-07T00:00:00
Link: CVE-2019-7589
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-03-10T20:15:20.350
Modified: 2020-03-11T20:25:10.270
Link: CVE-2019-7589
JSON object: View
Redhat Information
No data.
CWE