High-Severity Vulnerability in Genetec Security Center Leads to Arbitrary Code Execution
CVE-2024-7059

8HIGH

Key Information:

Vendor: Genetec Inc.
Status: Genetec Security Center
Vendor: CVE Published:; 5 November 2024

🔔 Create Genetec Inc. Vulnerability Alert

What is CVE-2024-7059?

A vulnerability has been identified in the Web SDK role of the Genetec Security Center product line, potentially allowing attackers to execute arbitrary code on the host system. This issue arises from specific flaws in the Web SDK, which can be exploited to compromise the security posture of applications utilizing this role. Immediate remediation steps should be considered to protect against possible exploits that could lead to unauthorized access and control over the affected systems.

Affected Version(s)

Genetec Security Center Windows <5.8.2.1 < 5.8.2.1

Genetec Security Center Windows >=5.9.0.0 <5.9.5.8 < 5.9.0.0 5.9.5.8

Genetec Security Center Windows >=5.10.0.0 <5.10.4.23 < 5.10.0.0 5.10.4.23

References

https://resources.genetec.com/security-advisories/high-se...

https://ressources.genetec.com/bulletins-de-securite/vuln...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 5, 2024
Vulnerability Reserved
Jul 23, 2024

Credit

AlgoSecure, Louis Moubinous

CVE-2024-7059 Data

JSON