CVE-2020-9048: victor Web Client - Arbitrary File Deletion Vulnerability
First published: Thu Oct 08 2020(Updated: )
A vulnerability in specified versions of American Dynamics victor Web Client and Software House CCURE Web Client could allow a remote unauthenticated attacker on the network to delete arbitrary files on the system or render the system unusable by conducting a Denial of Service attack.
Credit: productsecurity@jci.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Johnsoncontrols Victor Web Client | <=5.4.1 | |
| Tyco C-cure Web Client | <=2.80 | |
| : Sensormatic Electronics, LLC, a subsidiary of Johnson Controls American Dynamics victor Web Client: All versions up to and including v5.4.1 |
Remedy
Upgrade all versions of victor Web Client to v5.6 Registered users can obtain the critical software update by downloading the update found here: https://www.americandynamics.net/support/SoftwareDownloads.aspx.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-9048.
What is the severity of CVE-2020-9048?
The severity of CVE-2020-9048 is high, with a severity value of 8.1.
Which software versions are affected by CVE-2020-9048?
Specified versions of American Dynamics victor Web Client (up to and including 5.4.1) and Software House CCURE Web Client (up to and including 2.80) are affected by CVE-2020-9048.
What can an attacker do with CVE-2020-9048?
An attacker can delete arbitrary files on the system or render the system unusable by conducting a Denial of Service attack.
How can I fix CVE-2020-9048?
To fix CVE-2020-9048, it is recommended to update to the latest patched versions of American Dynamics victor Web Client and Software House CCURE Web Client.
- collector/nvd-index
- agent/weakness
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/remedy
- agent/title
- agent/description
- agent/event
- agent/first-publish-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/johnsoncontrols
- canonical/johnsoncontrols victor web client
- version/johnsoncontrols victor web client/5.4.1
- vendor/tyco
- canonical/tyco c-cure web client
- version/tyco c-cure web client/2.80
- vendor/: sensormatic electronics, llc, a subsidiary of johnson controls
- canonical/: sensormatic electronics, llc, a subsidiary of johnson controls american dynamics victor web client: all versions up to and including v5.4.1