CVE-2021-27660

Summary

An insecure client auto update feature in C-CURE 9000 can allow remote execution of lower privileged Windows programs.

Affected Software

VendorProductVersion RangeStatus
Johnson ControlsC-CURE 9000All versions of C-CURE 9000 prior to 2.80 < 2.80affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

References