ExacqVision Vulnerability Cleared – ISSSource

Exacq Technologies, a subsidiary of Johnson Controls, Inc., has an update available to handle an integer overflow or wraparound in its exacqVision Server 32-bit, according to a report with CISA.

Successful exploitation of this remotely exploitable vulnerability, discovered by Tenable Research, could allow an unauthenticated remote user to exploit an integer overflow in the exacqVision Server with a specially crafted script and cause a denial-of-service condition.

The following versions of Exacq Technologies’ exacqVision surveillance video software products are affected: exacqVision Server 32-bit, versions 21.06.11.0 and prior.