Lucene search

57dba5dd-1a03-47f6-8b36-e84e47d335d8CVE-2023-6259

HistoryFeb 19, 2024 - 10:15 p.m.

CVE-2023-6259

2024-02-1922:15:48

CWE-284

CWE-522

57dba5dd-1a03-47f6-8b36-e84e47d335d8

web.nvd.nist.gov

cve-2023-6259

insufficiently protected credentials

improper access control

brivo

acs100

acs300

password recovery exploitation

bypassing physical security

7.1 High

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Insufficiently Protected Credentials, : Improper Access Control vulnerability in Brivo ACS100, ACS300 allows Password Recovery Exploitation, Bypassing Physical Security.This issue affects ACS100, ACS300: from 5.2.4 before 6.2.4.3.

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "product": "ACS100, ACS300",
    "vendor": "Brivo",
    "versions": [
      {
        "lessThan": "6.2.4.3",
        "status": "affected",
        "version": "5.2.4",
        "versionType": "semver"
      }
    ]
  }
]

References

sra.io/advisories/

support.brivo.com/l/en/article/g82txdwepa-brivo-firmware-release-notes#brivo_firmware_release_6_2_4_3

7.1 High

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for CVE-2023-6259