漏洞概述 漏洞名称: Privilege escalation vulnerability affecting RabbitMQ deployment in Genetec products 发布日期: May 25, 2026 CVE编号: CVE-2026-25112 风险等级: High (CVSS v5.1 base score: 7.8) 描述: 该漏洞影响Genetec产品中使用RabbitMQ的部署。在特定条件下,具有本地访问权限的攻击者可能获得比预期更高的权限。 影响范围 受影响产品: - Genetec-provided RabbitMQ (3.13.7.3 and earlier) - Genetec Mission Control™ (3.4.1.0 and later) - Genetec Industrial IoT (IIoT) — 5.x line (5.5.118.0 and later) - Genetec Industrial IoT (IIoT) — 6.x line (6.0.196.0 and later) - Genetec Airport Operational Manager (AOM) (1.6 and later) - Genetec Restricted Security Area (RSA) Surveillance (5.2.1 and later) - Genetec Inter-System (IS) Gateway (1.2 and later) - Sipelia™ (2.11 and later, RabbitMQ no longer used starting from v2.11) 修复方案 新部署: - 使用Genetec提供的RabbitMQ 3.13.7.19及更高版本。 现有部署: - 执行GTAP中提供的缓解工具 。 - 从Security Center Product Download page下载该工具。 - 在安装了Rabbit-MQ的机器上运行该工具,需要管理员权限。 临时缓解措施 如果无法及时应用缓解工具,应将以下文件夹的访问权限限制为管理员用户: - 其他信息 更多信息或帮助: - 登录到Genetec Technical Assistance Portal (GTAP)以打开支持案例。 页面内容 获取电子邮件通知: - 提供电子邮件地址以获取安全公告通知。 相关文章: - Critical security vulnerability affecting the ALPR Manager role of Security Center 其他内容 其他相关安全公告: - Critical security vulnerability affecting the ALPR Manager role of Security Center - High severity vulnerability affecting Security Center Web SDK role - Critical vulnerability affecting Axis Powered by Genetec network door controllers - Microsoft Windows MSMQ vulnerabilities affecting Security Center - High severity vulnerability affecting the Inventory Manager role of Security Center 页脚 合作伙伴: - Channel Partners - Technology Partners - Consultants - Partner & Integration Hub 公司: - About us - Careers - Events - Press center - Customer stories - Trust & cybersecurity - Patents 资源: - Technical support - Professional services - Training - TechDoc Hub - Blog - Podcast - Webinars - Grants (US only) 产品: - Security as a service - Unified security - Video management - Access control - License plate recognition - Deconfliction management - View all products - Product releases 联系我们: - Contact us - Social media links (Facebook, X, LinkedIn, Instagram) 版权信息: - © 1997-2026 Genetec Inc. All rights reserved. - Privacy policy --- 注意: 页面中未包含POC代码或利用代码。