Genetec Security Center Web SDK Arbitrary Code Execution (CVE-2024-7059)

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Description: - Vulnerability Type: High-severity vulnerability that could lead to arbitrary code execution. - Affected Product: Genetec Security Center Web SDK role. - Vulnerability ID: CVE-2024-7059. - Impact: Attackers may exploit this vulnerability to execute arbitrary code, beyond the normal functions permitted within the SDK. 2. Risk Assessment: - CVSS Score: 8.9 (High). - Attacker Privileges: Attackers must have a valid Security Center user account with "Use SDK" permission and a valid Web-based SDK certificate. 3. Exploitation Requirements: - Web-based SDK Role: The Web-based SDK role must be activated (disabled by default). - Valid User: Requires a valid Security Center user with "Use SDK" permission. - Valid Certificate: Requires a valid Web-based SDK certificate. 4. Recommended Actions: - Affected Versions: Users running affected versions are advised to update as soon as possible. - Temporary Mitigation: If immediate update is not possible, disable the Web-based SDK role. 5. Affected Products List: - Security Center SaaS Edition: Fixed. - Security Center 5.13: Not affected. - Security Center 5.12: Fixed. - Security Center 5.11: Fixed. - Security Center 5.10: Fixed. - Security Center 5.9: Fixed. - Security Center 5.8: Fixed. - Other Security Center Versions: Fixed. - Other Genetec Products: Not affected. 6. Contact Information: - Technical Support: Open a support case via the Genetec Technical Assistance Portal (GTAP). 7. Acknowledgments: - Contributors: Thanks to Algosecure and Louis Moubinous for their contributions. This information provides a detailed description of the vulnerability, risk assessment, exploitation conditions, recommended actions, list of affected products, and contact details.

Goal Reached Thanks to every supporter — we hit 100%!

Genetec Security Center Web SDK Arbitrary Code Execution (CVE-2024-7059)