Vulnerability Description
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Brivo ACS100, ACS300 allows OS Command Injection, Bypassing Physical Security.This issue affects ACS100 (Network Adjacent Access), ACS300 (Physical Access): from 5.2.4 before 6.2.4.3.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Brivo | Acs100 Firmware | >= 5.2.4, <= 6.2.4.3 |
| Brivo | Acs100 | - |
| Brivo | Acs300 Firmware | >= 5.2.4, < 6.2.4.3 |
| Brivo | Acs300 | - |
Related Weaknesses (CWE)
References
- https://sra.io/advisories/Third Party Advisory
- https://support.brivo.com/l/en/article/g82txdwepa-brivo-firmware-release-notes#bRelease Notes
- https://sra.io/advisories/Third Party Advisory
- https://support.brivo.com/l/en/article/g82txdwepa-brivo-firmware-release-notes#bRelease Notes
FAQ
What is CVE-2023-6260?
CVE-2023-6260 is a vulnerability with a CVSS score of 9.0 (CRITICAL). Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Brivo ACS100, ACS300 allows OS Command Injection, Bypassing Physical Security.This issue aff...
How severe is CVE-2023-6260?
CVE-2023-6260 has been rated CRITICAL with a CVSS base score of 9.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-6260?
Check the references section above for vendor advisories and patch information. Affected products include: Brivo Acs100 Firmware, Brivo Acs100, Brivo Acs300 Firmware, Brivo Acs300.