PT-2024-14918 · Brivo · Brivo Acs100 +1

Gabe Siftar +1 · Published 2024-02-19 · Updated 2025-02-05 · CVE-2023-6260

CVSS v3.1: 9.0 Critical

Vector: AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Brivo ACS100 versions 5.2.4 through 6.2.4.3
Brivo ACS300 versions 5.2.4 through 6.2.4.3

Description

The issue is related to an OS Command Injection vulnerability, allowing attackers to bypass physical security. This vulnerability affects both network adjacent access and physical access systems.

Recommendations

For Brivo ACS100 versions 5.2.4 through 6.2.4.3, update to version 6.2.4.3 or later to resolve the issue.
For Brivo ACS300 versions 5.2.4 through 6.2.4.3, update to version 6.2.4.3 or later to resolve the issue.
As a temporary workaround, consider restricting access to vulnerable systems to minimize the risk of exploitation.

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2023-6260

Affected Products

Brivo Acs100
Brivo Acs300