CVE-2019-7589
Summary
| CVE | CVE-2019-7589 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-03-10 20:15:00 UTC |
| Updated | 2020-03-11 20:25:00 UTC |
| Description | A vulnerability with the SmartService API Service option exists whereby an unauthorized user could potentially exploit this to upload malicious code to the server that could be executed at system level privileges. This affects Johnson Controls' Kantech EntraPass Corporate Edition versions 8.0 and prior; Kantech EntraPass Global Edition versions 8.0 and prior. |
Risk And Classification
Problem Types: CWE-20
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Johnsoncontrols | Entrapass | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Johnson Controls Kantech EntraPass \| CISA | CERT | www.us-cert.gov | Third Party Advisory, US Government Resource |
| Product Security Advisories | CONFIRM | www.johnsoncontrols.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Joachim Kerschbaumer
There are currently no legacy QID mappings associated with this CVE.