GSD-2020-9049

Vulnerability from gsd - Updated: 2023-12-13 01:21
Details
A vulnerability in specified versions of American Dynamics victor Web Client and Software House C•CURE Web Client could allow an unauthenticated attacker on the network to create and sign their own JSON Web Token and use it to execute an HTTP API Method without the need for valid authentication/authorization. Under certain circumstances, this could be used by an attacker to impact system availability by conducting a Denial of Service attack.
Aliases
Aliases
CVE-2020-9049
To clipboard 

{
  "GSD": {
    "alias": "CVE-2020-9049",
    "description": "A vulnerability in specified versions of American Dynamics victor Web Client and Software House C\u2022CURE Web Client could allow an unauthenticated attacker on the network to create and sign their own JSON Web Token and use it to execute an HTTP API Method without the need for valid authentication/authorization. Under certain circumstances, this could be used by an attacker to impact system availability by conducting a Denial of Service attack.",
    "id": "GSD-2020-9049"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-9049"
      ],
      "details": "A vulnerability in specified versions of American Dynamics victor Web Client and Software House C\u2022CURE Web Client could allow an unauthenticated attacker on the network to create and sign their own JSON Web Token and use it to execute an HTTP API Method without the need for valid authentication/authorization. Under certain circumstances, this could be used by an attacker to impact system availability by conducting a Denial of Service attack.",
      "id": "GSD-2020-9049",
      "modified": "2023-12-13T01:21:53.069033Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "productsecurity@jci.com",
        "DATE_PUBLIC": "2020-11-19T14:00:00.000Z",
        "ID": "CVE-2020-9049",
        "STATE": "PUBLIC",
        "TITLE": "victor Web Client and C\u2022CURE Web Client JSON Web Token (JWT) Vulnerability"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "victor Web Client version 5.6 and prior",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_value": "5.6"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "C\u2022CURE Web Client version 2.90 and prior (Note - This does not affect the new web-based C\u2022CURE 9000 client that was introduced in C\u2022CURE 9000 v2.90)",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_value": "2.90"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Johnson Controls"
            }
          ]
        }
      },
      "credit": [
        {
          "lang": "eng",
          "value": "Joachim Kerschbaumer reported this vulnerability to Johnson Controls, Inc."
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability in specified versions of American Dynamics victor Web Client and Software House C\u2022CURE Web Client could allow an unauthenticated attacker on the network to create and sign their own JSON Web Token and use it to execute an HTTP API Method without the need for valid authentication/authorization. Under certain circumstances, this could be used by an attacker to impact system availability by conducting a Denial of Service attack."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": {
        "cvss": {
          "attackComplexity": "HIGH",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-285 : Improper Access Control (Authorization)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories",
            "refsource": "CONFIRM",
            "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
          },
          {
            "name": "ICS-CERT Advisory",
            "refsource": "CERT",
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-324-01"
          },
          {
            "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-324-01",
            "refsource": "MISC",
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-324-01"
          }
        ]
      },
      "solution": [
        {
          "lang": "eng",
          "value": "victor Web Client\n\n\u2022\tvictor Web Client v5.6 and earlier \u2013 upgrade to v5.6 SP1 (victor Unified Client v5.6 SP1)\n\nRegistered users can obtain the software update by downloading the update found here: https://www.americandynamics.net/support/SoftwareDownloads.aspx.\n\nC\u2022CURE Web Client\n\nC\u2022CURE Web v2.60 and earlier - upgrade to a minimum of v2.70 and install the relevant update below.\n\n\u2022\tC\u2022CURE Web v2.70 - install the update WebClient_c2.70_5.2_Update02\n\u2022\tC\u2022CURE Web v2.80 - install the update WebClient_c2.80_v5.4.1_Update04\n\u2022\tC\u2022CURE Web v2.90 - install the update CCureWeb_2.90_Update01 \n\nRegistered users can obtain the software update by downloading the update found here: https://swhouse.com/Support/SoftwareDownloads.aspx."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:johnsoncontrols:c-cure_web:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.90",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:johnsoncontrols:victor_web:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.6",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "productsecurity@jci.com",
          "ID": "CVE-2020-9049"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability in specified versions of American Dynamics victor Web Client and Software House C\u2022CURE Web Client could allow an unauthenticated attacker on the network to create and sign their own JSON Web Token and use it to execute an HTTP API Method without the need for valid authentication/authorization. Under certain circumstances, this could be used by an attacker to impact system availability by conducting a Denial of Service attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
            },
            {
              "name": "ICS-CERT Advisory",
              "refsource": "CERT",
              "tags": [
                "Patch",
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-324-01"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 5.7,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 5.5,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.6,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-12-04T15:18Z",
      "publishedDate": "2020-11-19T16:15Z"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.