CVE-2020-9047
Description
A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. An attacker with administrative privileges could potentially download and run a malicious executable that could allow OS command injection on the system.
NVD
Severity: HIGH
CVE ID: CVE-2020-9047
CVSS Score: 7.2
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Johnson Controls
Severity: MEDIUM
CVE ID: CVE-2020-9047
CVSS Score: 6.8
CVSS Metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:L
Proof Of Concept
Nuclei Templates for CVE-2020-9047
Refrence: Project Discovery GitHub
norrismw
Refrence: GitHub