MidnightBSD

Advisories for brivo

CVE-2023-6260

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Brivo ACS100, ACS300 allows OS Command Injection, Bypassing Physical Security.This issue affects ACS100 (Network Adjacent Access), ACS300 (Physical Access): from 5.2.4 before 6.2.4.3.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
57dba5dd-1a03-47f6-8b36-e84e47d335d8 9.0 CRITICAL CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

Products Affected

Vendor Product Version
brivo acs300_firmware *
brivo acs100_firmware *