Brivo · Brivo ACS100 · CVE-2023-6259
**Name of the Vulnerable Software and Affected Versions**
Brivo ACS100, ACS300 versions 5.2.4 through 6.2.4.3
**Description**
The issue is related to Insufficiently Protected Credentials and Improper Access Control, which allow exploitation of password recovery and bypass of physical security. This can be exploited to gain unauthorized access.
**Recommendations**
For versions 5.2.4 through 6.2.4.3, update to version 6.2.4.3 or later to resolve the issue. As a temporary workaround, consider restricting access to password recovery features until a patch is applied. Additionally, review and strengthen access control mechanisms to prevent unauthorized access.