Lucene search
HistoryOct 11, 2022 - 9:15 p.m.
CVE-2021-36201
ccure portal
user accounts
enumeration
vulnerability
ccure 9000
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
0.001
Percentile
32.2%
Under certain circumstances a CCURE Portal user could enumerate user accounts in CCURE 9000 version 2.90 and prior versions.
Affected configurations
Node
johnsoncontrolsc-cure_9000Match-
johnsoncontrolsc-cure_9000_firmwareRange≤2.90
| Vendor | Product | Version | CPE |
|---|---|---|---|
| johnsoncontrols | c-cure_9000 | - | cpe:2.3:h:johnsoncontrols:c-cure_9000:-:*:*:*:*:*:*:* |
| johnsoncontrols | c-cure_9000_firmware | * | cpe:2.3:o:johnsoncontrols:c-cure_9000_firmware:*:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2021-36201 CCURE Observable Response Discrepancy
2022-10-11 20:17:42
prion
prion
Code injection
2022-10-11 21:15:00
ics
ics
Sensormatic Electronics C-CURE 9000
2022-10-11 12:00:00
cve
cve
CVE-2021-36201
2022-10-11 21:15:12
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
0.001
Percentile
32.2%
Related for NVD:CVE-2021-36201