CVE-2024-7059

Summary

A high-severity vulnerability that can lead to arbitrary code execution on the system hosting the Web SDK role was found in the Genetec Security Center product line.

Affected Software

VendorProductVersion RangeStatus
Genetec Inc.Genetec Security Center<5.8.2.1affected
Genetec Inc.Genetec Security Center>=5.8.2.1unaffected
Genetec Inc.Genetec Security Center>=5.9.0.0 <5.9.5.8affected
Genetec Inc.Genetec Security Center>=5.9.5.8unaffected
Genetec Inc.Genetec Security Center>=5.10.0.0 <5.10.4.23affected
Genetec Inc.Genetec Security Center>=5.10.4.23unaffected
Genetec Inc.Genetec Security Center>=5.11.0.0 <5.11.3.13affected
Genetec Inc.Genetec Security Center>=5.11.3.13unaffected
Genetec Inc.Genetec Security Center>=5.12.0.0 <5.12.1.3affected
Genetec Inc.Genetec Security Center>=5.12.1.3 <5.12.2.0unaffected
Genetec Inc.Genetec Security Center>=5.12.2.0 <5.12.2.1affected
Genetec Inc.Genetec Security Center>=5.12.2.1unaffected

Weaknesses

  • CWE-470: CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Workarounds

If the Security Center instance cannot be updated in a timely fashion, the system administrator should deactivate the Web-based SDK role.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References