CVE-2020-9048 : Security Advisory and Response
Learn about CVE-2020-9048 affecting American Dynamics victor Web Client versions prior to 5.4.1. Find out the impact, technical details, and mitigation steps.
American Dynamics victor Web Client and Software House CCURE Web Client versions prior to 5.4.1 are affected by a vulnerability that could allow remote attackers to delete files or conduct Denial of Service attacks.
Understanding CVE-2020-9048
This CVE involves an arbitrary file deletion vulnerability in the victor Web Client.
What is CVE-2020-9048?
The vulnerability in specified versions of American Dynamics victor Web Client and Software House CCURE Web Client allows remote unauthenticated attackers to delete arbitrary files or render the system unusable through a Denial of Service attack.
The Impact of CVE-2020-9048
The vulnerability has a CVSS base score of 7.1, indicating a high severity issue with integrity impact.
Technical Details of CVE-2020-9048
The technical details of the CVE provide insight into the vulnerability and its implications.
Vulnerability Description
The vulnerability allows remote unauthenticated attackers to delete arbitrary files or conduct Denial of Service attacks.
Affected Systems and Versions
- Product: victor Web Client version 5.4.1 and prior
- Vendor: Johnson Controls
- Versions: <= 5.4.1
Exploitation Mechanism
- Attack Complexity: Low
- Attack Vector: Adjacent Network
- Availability Impact: Low
- Integrity Impact: High
- Privileges Required: None
- User Interaction: None
Mitigation and Prevention
Taking immediate steps and implementing long-term security practices are crucial to mitigate the risks associated with CVE-2020-9048.
Immediate Steps to Take
- Upgrade all versions of victor Web Client to v5.6
Long-Term Security Practices
- Regularly update software and systems
- Implement proper access controls and authentication mechanisms
Patching and Updates
Registered users can obtain the critical software update by downloading it from the official website.