ГлавнаяУязвимости → CVE-2023-6260
9критическая

CVE-2023-6260

Описание

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Brivo ACS100, ACS300 allows OS Command Injection, Bypassing Physical Security.This issue affects ACS100 (Network Adjacent Access), ACS300 (Physical Access): from 5.2.4 before 6.2.4.3.

Затрагиваемое ПО
Brivo Acs100 firmwareBrivo Acs100Brivo Acs300 firmwareBrivo Acs300
CVSS
Балл9 — критическая
ВекторCVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Источники
https://sra.io/advisories/https://support.brivo.com/l/en/article/g82txdwepa-brivo-firmware-release-notes#brivo_firmware_release_6_2_4_3https://sra.io/advisories/https://support.brivo.com/l/en/article/g82txdwepa-brivo-firmware-release-notes#brivo_firmware_release_6_2_4_3