CVE-2020-9045 – This vulnerability exposes installation credent... (How to Fix)

Q: What is the severity of CVE-2020-9045?

CVE-2020-9045 has a CVSS score of 9.9 (CRITICAL). This vulnerability exposes installation credentials in plaintext log files during installation or upgrade of affected security systems. Attackers who gain access to these log files can steal administrative credentials, potentially compromising the entire security system. This affects organizations using Software House C•CURE 9000 v2.70 or American Dynamics victor Video Management System v5.2.

📋 TL;DR

This vulnerability exposes installation credentials in plaintext log files during installation or upgrade of affected security systems. Attackers who gain access to these log files can steal administrative credentials, potentially compromising the entire security system. This affects organizations using Software House C•CURE 9000 v2.70 or American Dynamics victor Video Management System v5.2.

💻 Affected Systems

Products:

Software House C•CURE 9000
American Dynamics victor Video Management System

Versions: C•CURE 9000 v2.70, victor Video Management System v5.2

Operating Systems: Windows Server (typical deployment)

Default Config Vulnerable: ⚠️ Yes

Notes: Only vulnerable during installation/upgrade processes. The log file persists after installation unless manually removed.

📦 What is this software?

C Cure 9000 Firmware by Johnsoncontrols

View all CVEs affecting C Cure 9000 Firmware →

Victor Video Management System by Tyco

View all CVEs affecting Victor Video Management System →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise where attackers gain administrative access, disable security systems, manipulate access controls, and potentially pivot to other network systems.

🟠

Likely Case

Credential theft leading to unauthorized access to security management systems, allowing attackers to view surveillance footage, modify access permissions, or disable security features.

🟢

If Mitigated

Limited impact if logs are properly secured and monitored, with attackers unable to access the credential files.

🌐 Internet-Facing: MEDIUM - While the vulnerability itself doesn't create internet exposure, internet-facing systems with accessible log files could be targeted.

🏢 Internal Only: HIGH - Internal attackers or malware with file system access can easily harvest credentials from unprotected log files.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires file system access to read the installation log file. No special tools or techniques needed beyond basic file reading.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: C•CURE 9000 v2.80 and later, victor Video Management System v5.3 and later

Vendor Advisory: https://www.johnsoncontrols.com/cyber-solutions/security-advisories

Restart Required: Yes

Instructions:

1. Download updated software from Johnson Controls support portal. 2. Backup current configuration. 3. Run installer with administrative privileges. 4. Follow upgrade wizard. 5. Verify installation and remove old log files.

🔧 Temporary Workarounds

Secure Installation Log Files

all

Manually locate and secure installation log files after installation/upgrade

find /path/to/installation -name "*.log" -type f -exec chmod 600 {} \;
find /path/to/installation -name "*.log" -type f -exec rm -f {} \;

Restrict File System Access

linux

Apply strict file permissions to installation directories

chmod -R 750 /opt/ccure9000
chown -R root:security /opt/ccure9000

🧯 If You Can't Patch

Immediately locate and delete all installation log files containing credentials
Implement strict access controls and monitoring on installation directories

🔍 How to Verify

Check if Vulnerable:

Check for installation log files in default installation directories (typically C:\Program Files\C-CURE 9000 or similar) and search for plaintext credentials

Check Version:

Check application About dialog or run: C-CURE 9000: Check Help > About; victor VMS: Check System Information in admin interface

Verify Fix Applied:

Verify software version is v2.80+ for C•CURE 9000 or v5.3+ for victor VMS, and confirm no plaintext credentials exist in log files

📡 Detection & Monitoring

Log Indicators:

Unauthorized access attempts to installation directories
File read operations on installation log files
Multiple failed login attempts followed by successful login

Network Indicators:

Unusual administrative access patterns
Access from unexpected IP addresses to management interfaces

SIEM Query:

source="windows_security" EventID=4663 ObjectName="*install*.log" OR source="sysmon" EventID=11 TargetFilename="*install*.log"

📊 Metadata

CVE ID: CVE-2020-9045

CVSS v3 Score: 9.9 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE: CWE-312

Published: May 21, 2020

Last Updated: November 21, 2024

🔗 References

https://www.johnsoncontrols.com/cyber-solutions/security-advisories Patch,Vendor Advisory
https://www.us-cert.gov/ics/advisories/ICSA-20-142-01 Third Party Advisory,US Government Resource
https://www.johnsoncontrols.com/cyber-solutions/security-advisories Patch,Vendor Advisory
https://www.us-cert.gov/ics/advisories/ICSA-20-142-01 Third Party Advisory,US Government Resource

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-9045, you might also want to check these: