CVE-2023-6260

EUVD-2023-58505
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Brivo ACS100, ACS300 allows OS Command Injection, Bypassing Physical Security.This issue affects ACS100 (Network Adjacent Access), ACS300 (Physical Access): from 5.2.4 before 6.2.4.3.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9 CRITICAL
ADJACENT_NETWORK
LOW
LOW
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
brivoacs100_firmware
5.2.4 ≤
𝑥
≤ 6.2.4.3
brivoacs300_firmware
5.2.4 ≤
𝑥
< 6.2.4.3
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
brivoacs100_firmware
5.2.4 ≤
𝑥
< 6.2.4.3
ADP
brivoacs300_firmware
5.2.4 ≤
𝑥
< 6.2.4.3
ADP
Common Weakness Enumeration
References
https://sra.io/advisories/
https://support.brivo.com/l/en/article/g82txdwepa-brivo-firmware-release-notes#brivo_firmware_release_6_2_4_3
https://sra.io/advisories/
https://support.brivo.com/l/en/article/g82txdwepa-brivo-firmware-release-notes#brivo_firmware_release_6_2_4_3