Genetec Security Center prior 5.12.2.1 externally-controlled input to select classes or code
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.1 | $0-$5k | 0.00 |
Summary
A vulnerability, which was classified as critical, has been found in Genetec Security Center. Impacted is an unknown function. This manipulation causes use of externally-controlled input to select classes or code. This vulnerability appears as CVE-2024-7059. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.
Details
A vulnerability classified as critical was found in Genetec Security Center. Affected by this vulnerability is an unknown functionality. The manipulation with an unknown input leads to a use of externally-controlled input to select classes or code vulnerability. The CWE definition for the vulnerability is CWE-470. The product uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper classes or code. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:
A high-severity vulnerability that can lead to arbitrary code execution was found in the Genetec Security Center product line.
The weakness was presented by Louis Moubinous. It is possible to read the advisory at resources.genetec.com. This vulnerability is known as CVE-2024-7059 since 07/23/2024. The exploitation appears to be difficult. The attack can be launched remotely. Additional levels of successful authentication are necessary for exploitation. The technical details are unknown and an exploit is not publicly available.
Upgrading to version 5.8.2.1, 5.9.5.8, 5.10.4.23, 5.11.3.13, 5.12.1.3 <5.12.2.0 or 5.12.2.1 eliminates this vulnerability.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Vendor
Name
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CNA CVSS-B Score: 🔍
CNA CVSS-BT Score: 🔍
CNA Vector: 🔍
CVSSv3
VulDB Meta Base Score: 7.3VulDB Meta Temp Score: 7.1
VulDB Base Score: 6.6
VulDB Temp Score: 6.3
VulDB Vector: 🔍
VulDB Reliability: 🔍
CNA Base Score: 8.0
CNA Vector (Genetec): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Use of externally-controlled input to select classes or codeCWE: CWE-470
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Security Center 5.8.2.1/5.9.5.8/5.10.4.23/5.11.3.13/5.12.1.3 <5.12.2.0/5.12.2.1
Timeline
07/23/2024 🔍11/05/2024 🔍
11/05/2024 🔍
11/10/2024 🔍
Sources
Advisory: resources.genetec.comResearcher: Louis Moubinous
Status: Confirmed
CVE: CVE-2024-7059 (🔍)
GCVE (CVE): GCVE-0-2024-7059
GCVE (VulDB): GCVE-100-283123
Entry
Created: 11/05/2024 14:27Updated: 11/10/2024 00:45
Changes: 11/05/2024 14:27 (64), 11/09/2024 08:50 (2), 11/10/2024 00:45 (11)
Complete: 🔍
Cache ID: 216::103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.