Vulnerability CVE-2019-7589
Published: 2020-03-10

Description:
A vulnerability with the SmartService API Service option exists whereby an unauthorized user could potentially exploit this to upload malicious code to the server that could be executed at system level privileges. This affects Johnson Controls' Kantech EntraPass Corporate Edition versions 8.0 and prior; Kantech EntraPass Global Edition versions 8.0 and prior.

Type:

CWE-20

 (Improper Input Validation)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Johnsoncontrols -> Entrapass 

 References:
https://www.johnsoncontrols.com/cyber-solutions/security-advisories
https://www.us-cert.gov/ics/advisories/icsa-20-070-04
Copyright 2024, cxsecurity.com

 

Back to Top