CVE-2020-9046

Summary

A vulnerability in all versions of Kantech EntraPass Editions could potentially allow an authorized low-privileged user to gain full system-level privileges by replacing critical files with specifically crafted files.

Affected Software

VendorProductVersion RangeStatus
Johnson ControlsKantech EntraPass Security Management Software Special Edition versions 8.22 and priorunspecified <= 8.22affected
Johnson ControlsKantech EntraPass Security Management Software Corporate Edition versions 8.22 and priorunspecified <= 8.22affected
Johnson ControlsKantech EntraPass Security Management Software Global Edition versions 8.22 and priorunspecified <= 8.22affected

Weaknesses

  • CWE-284: CWE-284 : Access Control (Authorization) Issues

ADP Enrichment

CVE Program Container

Additional References

References