Johnsoncontrols Istar Ultra Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Johnsoncontrols Istar Ultra Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2022-21941 — CVSS 10.0 (critical): All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable to a command injection that could allow an unauthenticated user root…
CVE-2023-3127 — CVSS 7.5 (high): An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights.