CVE-2023-6260 HIGH

CVE-2023-6260: Web UI OS Command Injection in Brivo ACS100, ACS300

Vendor Brivo
Product ACS100, ACS300
Weakness CWE-78
Published February 19, 2024
Last update August 2, 2024

CVSS base score

7.4/10
Attack vector Physical
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Brivo ACS100, ACS300 allows OS Command Injection, Bypassing Physical Security. This issue affects ACS100 (Network Adjacent Access), ACS300 (Physical Access): from 5.2.4 before 6.2.4.3.

Key dates

02 Disclosure timeline

February 19, 2024 CVE published
August 2, 2024 Record updated