CVE-2024-9325

A vulnerability classified as critical has been found in Intelbras InControl up to 2.21.56. This affects an unknown part of the file C:\Program Files (x86)\Intelbras\Incontrol Cliente\incontrol_webcam\incontrol-service-watchdog.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. Upgrading to version 2.21.58 is able to address this issue. It is recommended to upgrade the affected component. The vendor was informed early on 2024-08-05 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20.

CVSS v3.0 7.8 HIGH

7.8^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://vuldb.com/?id.278829	Permissions Required
https://vuldb.com/?ctiid.278829	Permissions Required
https://vuldb.com/?submit.385397	Exploit Third Party Advisory
https://backend.intelbras.com/sites/default/files/2024-10/Aviso%20de%20Seguran%C3%A7a%20-%20Incontrol%202.21.56%20e%202.21.57.pdf
https://download.cronos.intelbras.com.br/download/INCONTROL/INCONTROL-WEB/prod/INCONTROL-WEB-2.21.58-233dfd1ac1e2ca3eabb71c854005c78b.exe

Configurations

Configuration 1 (hide)

cpe:2.3:a:intelbras:incontrol_web:*:*:*:*:*:*:*:*

History

04 Nov 2024, 19:15

Type	Values Removed	Values Added
CWE		CWE-426
References		() https://download.cronos.intelbras.com.br/download/INCONTROL/INCONTROL-WEB/prod/INCONTROL-WEB-2.21.58-233dfd1ac1e2ca3eabb71c854005c78b.exe - () https://backend.intelbras.com/sites/default/files/2024-10/Aviso%20de%20Seguran%C3%A7a%20-%20Incontrol%202.21.56%20e%202.21.57.pdf -
Summary	A vulnerability classified as critical has been found in Intelbras InControl up to 2.21.56. This affects an unknown part of the file C:\Program Files (x86)\Intelbras\Incontrol Cliente\incontrol_webcam\incontrol-service-watchdog.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. The vendor was informed early on 2024-08-05 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20.	A vulnerability classified as critical has been found in Intelbras InControl up to 2.21.56. This affects an unknown part of the file C:\Program Files (x86)\Intelbras\Incontrol Cliente\incontrol_webcam\incontrol-service-watchdog.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. Upgrading to version 2.21.58 is able to address this issue. It is recommended to upgrade the affected component. The vendor was informed early on 2024-08-05 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20.

07 Oct 2024, 16:06

Type	Values Removed	Values Added
References	~~() https://vuldb.com/?submit.385397 -~~	() https://vuldb.com/?submit.385397 - Exploit, Third Party Advisory
References	~~() https://vuldb.com/?ctiid.278829 -~~	() https://vuldb.com/?ctiid.278829 - Permissions Required
References	~~() https://vuldb.com/?id.278829 -~~	() https://vuldb.com/?id.278829 - Permissions Required
First Time		Intelbras Intelbras incontrol Web
CPE		cpe:2.3:a:intelbras:incontrol_web::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8

29 Sep 2024, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-29 08:15

Updated : 2024-11-04 19:15

NVD link : CVE-2024-9325

Mitre link : CVE-2024-9325

JSON object : View

Products Affected

intelbras

incontrol_web

CWE

CWE-426

Untrusted Search Path

CWE-428

Unquoted Search Path or Element

7.8 /10