id: CVE-2020-9047
info:
name: exacqVision Web Service RCE
author: dwisiswant0
severity: high
description: |
This template supports the detection part only. See references.
A vulnerability exists that could allow the execution of
unauthorized code or operating system commands on systems
running exacqVision Web Service versions 20.06.3.0 and prior
and exacqVision Enterprise Manager versions 20.06.4.0 and prior.
An attacker with administrative privileges could potentially
download and run a malicious executable that
could allow OS command injection on the system.
reference:
- https://github.com/norrismw/CVE-2020-9047
- https://www.johnsoncontrols.com/cyber-solutions/security-advisories
- https://www.us-cert.gov/ics/advisories/ICSA-20-170-01
tags: cve,cve2020,rce,exacqvision,service
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
cvss-score: 7.20
cve-id: CVE-2020-9047
cwe-id: CWE-347
requests:
- method: GET
path:
- "{{BaseURL}}/version.web"
matchers-condition: and
matchers:
- type: word
words:
- "3.10.4.72058"
- "3.12.4.76544"
- "3.8.2.67295"
- "7.0.2.81005"
- "7.2.7.86974"
- "7.4.3.89785"
- "7.6.4.94391"
- "7.8.2.97826"
- "8.0.6.105408"
- "8.2.2.107285"
- "8.4.3.111614"
- "8.6.3.116175"
- "8.8.1.118913"
- "9.0.3.124620"
- "9.2.0.127940"
- "9.4.3.137684"
- "9.6.7.145949"
- "9.8.4.149166"
- "19.03.3.152166"
- "19.06.4.157118"
- "19.09.4.0"
- "19.12.2.0"
- "20.03.2.0"
- "20.06.3.0"
condition: or
part: body
- type: status
status:
- 200
