CVE-2020-9046

Kantech EntraPass Security Management Software - System Permissions Vulnerability

Description

A vulnerability in all versions of Kantech EntraPass Editions could potentially allow an authorized low-privileged user to gain full system-level privileges by replacing critical files with specifically crafted files.

Remediation

Solution:

  • Upgrade all Kantech EntraPass Editions to version 8.23. Registered users can obtain the critical software update by downloading the zip file from the Software Downloads location at https://kantech.com/Support/SoftwareDownloads.aspx.

Categories

8.8
CVSS
Severity: High
CVSS 3.1 •
CVSS 2.0 •
EPSS 0.04%
Vendor Advisory johnsoncontrols.com
Affected: Johnson Controls Kantech EntraPass Security Management Software Special Edition versions 8.22 and prior
Affected: Johnson Controls Kantech EntraPass Security Management Software Corporate Edition versions 8.22 and prior
Affected: Johnson Controls Kantech EntraPass Security Management Software Global Edition versions 8.22 and prior
Published at:
Updated at:

References

Link Tags
https://www.johnsoncontrols.com/cyber-solutions/security-advisories vendor advisory
https://www.us-cert.gov/ics/advisories/ICSA-20-147-02 third party advisory us government resource

Frequently Asked Questions

What is the severity of CVE-2020-9046?
CVE-2020-9046 has been scored as a high severity vulnerability.
How to fix CVE-2020-9046?
To fix CVE-2020-9046: Upgrade all Kantech EntraPass Editions to version 8.23. Registered users can obtain the critical software update by downloading the zip file from the Software Downloads location at https://kantech.com/Support/SoftwareDownloads.aspx.
Is CVE-2020-9046 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2020-9046 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2020-9046?
CVE-2020-9046 affects Johnson Controls Kantech EntraPass Security Management Software Special Edition versions 8.22 and prior, Johnson Controls Kantech EntraPass Security Management Software Corporate Edition versions 8.22 and prior, Johnson Controls Kantech EntraPass Security Management Software Global Edition versions 8.22 and prior.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.