CVE-2023-6260

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Brivo ACS100, ACS300 allows OS Command Injection, Bypassing Physical Security. This issue affects ACS100 (Network Adjacent Access), ACS300 (Physical Access): from 5.2.4 before 6.2.4.3.

Configurations

Configuration 1

AND
cpe:2.3:o:brivo:acs100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:brivo:acs100:-:*:*:*:*:*:*:*

Configuration 2

AND
cpe:2.3:o:brivo:acs300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:brivo:acs300:-:*:*:*:*:*:*:*

History

05 Feb 2025, 22:35

Type Values Removed Values Added
First Time Brivo acs100 Firmware
Brivo
Brivo acs100
Brivo acs300 Firmware
Brivo acs300
References () https://sra.io/advisories/ - () https://sra.io/advisories/ - Third Party Advisory
References () https://support.brivo.com/l/en/article/g82txdwepa-brivo-firmware-release-notes#brivo_firmware_release_6_2_4_3 - () https://support.brivo.com/l/en/article/g82txdwepa-brivo-firmware-release-notes#brivo_firmware_release_6_2_4_3 - Release Notes
CPE cpe:2.3:h:brivo:acs100:-:*:*:*:*:*:*:*
cpe:2.3:o:brivo:acs100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:brivo:acs300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:brivo:acs300:-:*:*:*:*:*:*:*

21 Nov 2024, 08:43

Type Values Removed Values Added
References () https://sra.io/advisories/ - () https://sra.io/advisories/ -
References () https://support.brivo.com/l/en/article/g82txdwepa-brivo-firmware-release-notes#brivo_firmware_release_6_2_4_3 - () https://support.brivo.com/l/en/article/g82txdwepa-brivo-firmware-release-notes#brivo_firmware_release_6_2_4_3 -

21 Feb 2024, 15:15

Type Values Removed Values Added
References
  • () https://support.brivo.com/l/en/article/g82txdwepa-brivo-firmware-release-notes#brivo_firmware_release_6_2_4_3 -

20 Feb 2024, 19:50

Type Values Removed Values Added
Summary
  • (es) Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando del sistema operativo ('inyección de comando del sistema operativo') en Brivo ACS100, ACS300 permite la inyección de comandos del sistema operativo, evitando la seguridad física. Este problema afecta a ACS100 (acceso adyacente a la red), ACS300 (acceso físico): desde 5.2.4 antes del 6.2.4.3.

19 Feb 2024, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-19 22:15

Updated : 2025-02-05 22:35


NVD link : CVE-2023-6260

Mitre link : CVE-2023-6260

CVE.ORG link : CVE-2023-6260



Products Affected

brivo

  • acs100_firmware
  • acs300_firmware
  • acs100
  • acs300

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')