CVE-2023-6260

Published: Feb 19, 2024Modified: Feb 5, 2025

8.8

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Brivo ACS100, ACS300 allows OS Command Injection, Bypassing Physical Security.This issue affects ACS100 (Network Adjacent Access), ACS300 (Physical Access): from 5.2.4 before 6.2.4.3.

Affected (2)

Products: Brivo: Acs100 Firmware, Acs300 Firmware

2 products

Acs100 Firmware

Acs300 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Brivo Acs100 Firmware	From 5.2.4 to 6.2.4.3

Running on/with	Platform Versions
Brivo Acs100	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Brivo Acs300 Firmware	From 5.2.4 to 6.2.4.3

Running on/with	Platform Versions
Brivo Acs300	All versions

Related CWEs

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (4)

https://sra.io/advisories/

Source: 57dba5dd-1a03-47f6-8b36-e84e47d335d8

Third Party Advisory

https://support.brivo.com/l/en/article/g82txdwepa-brivo-firmware-release-notes#brivo_firmware_release_6_2_4_3

Source: 57dba5dd-1a03-47f6-8b36-e84e47d335d8

Release Notes

https://sra.io/advisories/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://support.brivo.com/l/en/article/g82txdwepa-brivo-firmware-release-notes#brivo_firmware_release_6_2_4_3

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

Timeline

No history available yet.