CVE-2020-9047

Description

A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. An attacker with administrative privileges could potentially download and run a malicious executable that could allow OS command injection on the system.

NVD
Severity: HIGH
CVE ID: CVE-2020-9047
CVSS Score: 7.2
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Johnson Controls
Severity: MEDIUM
CVE ID: CVE-2020-9047
CVSS Score: 6.8
CVSS Metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:L

Refrence: NVD MITRE

Proof Of Concept

Nuclei Templates for CVE-2020-9047

Refrence: Project Discovery GitHub

norrismw

Refrence: GitHub

Description​

Proof Of Concept​

Description

Proof Of Concept