Unquoted Search Path Vulnerability in Intelbras InControl
CVE-2024-9325

7.8 HIGH

Key Information:

Vendor: Intelbras
Status: Vendor
CVE Published: 29 September 2024

Summary

An unquoted search path vulnerability has been identified in Intelbras InControl versions prior to 2.21.56, primarily affecting the incontrol-service-watchdog executable file. Local attackers can exploit the unquoted path to execute arbitrary code. Users are strongly encouraged to upgrade to version 2.21.58, which addresses this vulnerability and enhances overall security. The issue was reported to Intelbras on August 5, 2024; a patch release was initially planned for the end of August, but the rollout was later rescheduled to September 20, 2024. Immediate action is recommended to safeguard systems against potential exploitation.
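To check hosts for this class of misconfiguration, the following added example (not Intelbras code and not part of the original advisory) flags service command lines whose executable path contains a space but is not quoted. It assumes the affected executable is registered as a Windows service and that you have exported service names and their ImagePath values; the function names, service names and paths below are constructed placeholders.

```python
import re

# Executable portion of an unquoted command line: everything up to the first
# ".exe" that is followed by whitespace or the end of the string.
_EXE = re.compile(r"^(.*?\.exe)(?=\s|$)", re.IGNORECASE)

def executable_part(image_path):
    """Return (exe_path, was_quoted) for a service ImagePath value."""
    value = image_path.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        # A missing closing quote is treated as quoting the whole value.
        return (value[1:end] if end != -1 else value[1:]), True
    match = _EXE.match(value)
    # No ".exe" found (e.g. a driver .sys path): fall back to the first token.
    return (match.group(1) if match else value.split()[0] if value else ""), False

def is_unquoted_search_path(image_path):
    """True when the executable path contains a space and is not quoted."""
    exe, quoted = executable_part(image_path)
    return (not quoted) and " " in exe

def audit(services):
    """services: mapping of service name -> ImagePath. Returns flagged names, sorted."""
    return sorted(name for name, path in services.items()
                  if is_unquoted_search_path(path))

# Constructed sample data; names and paths are placeholders, not InControl's.
# Assumption: values were exported from the services' ImagePath registry entries.
SAMPLE = {
    "ExampleWatchdog": r"C:\Program Files\Example Vendor\watchdog.exe --service",
    "ExampleQuoted": r'"C:\Program Files\Example Vendor\agent.exe" --service',
    "ExampleNoSpace": r"C:\Windows\System32\svchost.exe -k netsvcs",
    "ExampleDriver": r"\SystemRoot\System32\drivers\example.sys",
}

if __name__ == "__main__":
    for name in audit(SAMPLE):
        print(f"unquoted path with spaces: {name} -> {SAMPLE[name]}")
```

A flagged entry is remediated by upgrading to the fixed release named above or by wrapping the executable path in double quotes in the service configuration.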

Affected Version(s)

InControl 2.21.0

InControl 2.21.1

InControl 2.21.2

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

j369 (VulDB User)