CVE-2020-9045
CRITICAL
American Dynamics victor Video Management System 5.2 - Cleartext Credential Storage in Install Log
Title source: llm
Description
During installation or upgrade to Software House C•CURE 9000 v2.70 and American Dynamics victor Video Management System v5.2, the credentials of the user used to perform the installation or upgrade are logged in a file. The install log file persists after the installation.
References (2)
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.johnsoncontrols.com/cyber-solutions/security-advisories
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
https://www.us-cert.gov/ics/advisories/ICSA-20-142-01
Scores
CVSS v3
9.9
EPSS
0.0099
EPSS Percentile
58.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-312
Status
published
Products (2)
johnsoncontrols/c-cure_9000_firmware
2.70
tyco/victor_video_management_system
5.2
Published
May 21, 2020
Tracked Since
Feb 18, 2026