CVE-2024-6080

A vulnerability classified as critical was found in Intelbras InControl 2.21.56. This vulnerability affects unknown code of the component incontrolWebcam Service. The manipulation leads to unquoted search path. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 2.21.58 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early about this disclosure and plans to provide a solution within the next few weeks.

CVSS v3 7.8 HIGH
CVSS v2.0 6.8 MEDIUM

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 3.1 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://backend.intelbras.com/sites/default/files/2024-10/Aviso%20de%20Seguran%C3%A7a%20-%20Incontrol%202.21.56%20e%202.21.57.pdf
https://download.cronos.intelbras.com.br/download/INCONTROL/INCONTROL-WEB/prod/INCONTROL-WEB-2.21.58-233dfd1ac1e2ca3eabb71c854005c78b.exe
https://vuldb.com/?ctiid.268822	Permissions Required
https://vuldb.com/?id.268822	Third Party Advisory
https://vuldb.com/?submit.353502	Third Party Advisory
https://vuldb.com/?ctiid.268822	Permissions Required
https://vuldb.com/?id.268822	Third Party Advisory
https://vuldb.com/?submit.353502	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:intelbras:incontrol:2.21.56:*:*:*:*:*:*:*

History

21 Nov 2024, 09:48

Type	Values Removed	Values Added
References	~~() https://vuldb.com/?ctiid.268822 - Permissions Required~~	() https://vuldb.com/?ctiid.268822 - Permissions Required
References	~~() https://vuldb.com/?id.268822 - Third Party Advisory~~	() https://vuldb.com/?id.268822 - Third Party Advisory
References	~~() https://vuldb.com/?submit.353502 - Third Party Advisory~~	() https://vuldb.com/?submit.353502 - Third Party Advisory

04 Nov 2024, 19:15

Type	Values Removed	Values Added
CWE		CWE-426
Summary	(en) A vulnerability classified as critical was found in Intelbras InControl 2.21.56. This vulnerability affects unknown code of the component incontrolWebcam Service. The manipulation leads to unquoted search path. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-268822 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure and plans to provide a solution within the next few weeks.	(en) A vulnerability classified as critical was found in Intelbras InControl 2.21.56. This vulnerability affects unknown code of the component incontrolWebcam Service. The manipulation leads to unquoted search path. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 2.21.58 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early about this disclosure and plans to provide a solution within the next few weeks.
References		() https://backend.intelbras.com/sites/default/files/2024-10/Aviso%20de%20Seguran%C3%A7a%20-%20Incontrol%202.21.56%20e%202.21.57.pdf - () https://download.cronos.intelbras.com.br/download/INCONTROL/INCONTROL-WEB/prod/INCONTROL-WEB-2.21.58-233dfd1ac1e2ca3eabb71c854005c78b.exe -

20 Sep 2024, 00:27

Type	Values Removed	Values Added
CPE		cpe:2.3:o:intelbras:incontrol:2.21.56:::::::*
References	~~() https://vuldb.com/?ctiid.268822 -~~	() https://vuldb.com/?ctiid.268822 - Permissions Required
References	~~() https://vuldb.com/?id.268822 -~~	() https://vuldb.com/?id.268822 - Third Party Advisory
References	~~() https://vuldb.com/?submit.353502 -~~	() https://vuldb.com/?submit.353502 - Third Party Advisory
First Time		Intelbras Intelbras incontrol

06 Aug 2024, 07:15

Type	Values Removed	Values Added
Summary	(en) A vulnerability classified as critical was found in Intelbras InControl 2.21.56. This vulnerability affects unknown code. The manipulation leads to unquoted search path. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-268822 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure and plans to provide a solution within the next few weeks.	(en) A vulnerability classified as critical was found in Intelbras InControl 2.21.56. This vulnerability affects unknown code of the component incontrolWebcam Service. The manipulation leads to unquoted search path. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-268822 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure and plans to provide a solution within the next few weeks.

20 Jun 2024, 20:15

Type	Values Removed	Values Added
Summary	(en) A vulnerability classified as critical was found in Intelbras InControl 2.21.56. This vulnerability affects unknown code. The manipulation leads to unquoted search path. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-268822 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.	(en) A vulnerability classified as critical was found in Intelbras InControl 2.21.56. This vulnerability affects unknown code. The manipulation leads to unquoted search path. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-268822 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure and plans to provide a solution within the next few weeks.

20 Jun 2024, 12:44

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad fue encontrada en Intelbras InControl 2.21.56 y clasificada como crítica. Esta vulnerabilidad afecta a código desconocido. La manipulación conduce a una ruta de búsqueda sin comillas. Se requiere acceso local para abordar este ataque. El exploit ha sido divulgado al público y puede utilizarse. VDB-268822 es el identificador asignado a esta vulnerabilidad. NOTA: Se contactó primeramente con el proveedor sobre esta divulgación, pero no respondió de ninguna manera.

17 Jun 2024, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-06-17 23:15

Updated : 2024-11-21 09:48

NVD link : CVE-2024-6080

Mitre link : CVE-2024-6080

CVE.ORG link : CVE-2024-6080

JSON object : View

Products Affected

intelbras

incontrol

CWE

CWE-426

Untrusted Search Path

CWE-428

Unquoted Search Path or Element

7.8 /10