CVE-2023-6260
CVSS 3.1 Score: 9.0 of 10 (high)
Attack Complexity: low
Confidentiality: high
Integrity: high
Availability: high
Scope: changed
Privileges Required: low
Details
Published: Feb 19, 2024
Updated: Feb 21, 2024
CWE ID: 78
Summary
CVE-2023-6260 is a critical OS command injection vulnerability (CWE-78) affecting Brivo ACS100 (Network Adjacent Access) and ACS300 (Physical Access) systems. Versions before 6.2.4.3 are affected. The flaw stems from improper neutralization of special elements used in an OS command, and it lets an attacker inject malicious OS commands and bypass the physical security measures in place. Successful exploitation could result in unauthorized system access and potential data breaches, which poses a significant risk to affected organizations.