CVE-2024-7059
8.9
CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Summary
A high-severity vulnerability that can lead to arbitrary code execution on the system hosting the Web SDK role was found in the Genetec Security Center product line.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Genetec Inc. | Genetec Security Center | <5.8.2.1 | affected |
| Genetec Inc. | Genetec Security Center | >=5.8.2.1 | unaffected |
| Genetec Inc. | Genetec Security Center | >=5.9.0.0 <5.9.5.8 | affected |
| Genetec Inc. | Genetec Security Center | >=5.9.5.8 | unaffected |
| Genetec Inc. | Genetec Security Center | >=5.10.0.0 <5.10.4.23 | affected |
| Genetec Inc. | Genetec Security Center | >=5.10.4.23 | unaffected |
| Genetec Inc. | Genetec Security Center | >=5.11.0.0 <5.11.3.13 | affected |
| Genetec Inc. | Genetec Security Center | >=5.11.3.13 | unaffected |
| Genetec Inc. | Genetec Security Center | >=5.12.0.0 <5.12.1.3 | affected |
| Genetec Inc. | Genetec Security Center | >=5.12.1.3 <5.12.2.0 | unaffected |
| Genetec Inc. | Genetec Security Center | >=5.12.2.0 <5.12.2.1 | affected |
| Genetec Inc. | Genetec Security Center | >=5.12.2.1 | unaffected |
Weaknesses
- CWE-470: CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Workarounds
If the Security Center instance cannot be updated in a timely fashion, the system administrator should deactivate the Web-based SDK role.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://resources.genetec.com/security-advisories/high-severity-vulnerability-affecting-security-center-web-sdk-role
- https://ressources.genetec.com/bulletins-de-securite/vulnerabilite-de-haute-severite-affectant-le-role-sdk-web-de-security-center
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.