### [CVE-2021-27660](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27660)
![](https://img.shields.io/static/v1?label=Product&message=C-CURE%209000&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=All%20versions%20of%20C-CURE%209000%20prior%20to%202.80%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brightgreen)

### Description

An insecure client auto update feature in C-CURE 9000 can allow remote execution of lower privileged Windows programs.

### POC

#### Reference
- https://www.johnsoncontrols.com/cyber-solutions/security-advisories

#### Github
No PoCs found on GitHub currently.