We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-7059



Description

A high-severity vulnerability that can lead to arbitrary code execution on the system hosting the Web SDK role was found in the Genetec Security Center product line.

Reserved 2024-07-23 | Published 2024-11-05 | Updated 2024-11-09 | Assigner Genetec


HIGH: 8.9CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:HHIGH: 8.0CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:HHIGH: 8.0CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Product status

Default status
unaffected

<5.8.2.1
affected

>=5.8.2.1
unaffected

>=5.9.0.0 <5.9.5.8
affected

>=5.9.5.8
unaffected

>=5.10.0.0 <5.10.4.23
affected

>=5.10.4.23
unaffected

>=5.11.0.0 <5.11.3.13
affected

>=5.11.3.13
unaffected

>=5.12.0.0 <5.12.1.3
affected

>=5.12.1.3 <5.12.2.0
unaffected

>=5.12.2.0 <5.12.2.1
affected

>=5.12.2.1
unaffected

Credits

AlgoSecure, Louis Moubinous finder

References

resources.genetec.com/...ecting-security-center-web-sdk-role

ressources.genetec.com/...le-role-sdk-web-de-security-center

cve.org (CVE-2024-7059)

nvd.nist.gov (CVE-2024-7059)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-7059

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat
Subscribe to our newsletter to learn more about our work.