CVE-2024-6080

7.8 HIGH

📋 TL;DR

This high-severity vulnerability in Intelbras InControl allows a local attacker to execute arbitrary code through an unquoted search path in the incontrolWebcam Service: because the service's executable path is not quoted and contains spaces, Windows may start a planted binary from a shorter prefix of that path with the service's privileges. An attacker with local access can use this to gain elevated privileges on affected systems. Intelbras InControl versions 2.21.56 and 2.21.57 are affected.

💻 Affected Systems

Products:
  • Intelbras InControl
Versions: 2.21.56 and 2.21.57
Operating Systems: Windows (the affected component is a Windows service)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the incontrolWebcam Service component specifically. Requires the service to be running.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise with administrative privileges, allowing attackers to install malware, steal data, or pivot to other systems.

🟠 Likely Case: Local privilege escalation enabling attackers to gain higher privileges than their current account, potentially leading to persistence or lateral movement.

🟢 If Mitigated: Limited impact if proper access controls restrict local user privileges and service execution paths are monitored.

🌐 Internet-Facing: LOW - Requires local access, not directly exploitable over the internet.
🏢 Internal Only: HIGH - Local attackers or compromised accounts can exploit this for privilege escalation within the network.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

A proof of concept has been publicly disclosed. The attack requires local access but is straightforward to carry out.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.21.58

Vendor Advisory: https://backend.intelbras.com/sites/default/files/2024-10/Aviso%20de%20Seguran%C3%A7a%20-%20Incontrol%202.21.56%20e%202.21.57.pdf

Restart Required: Yes

Instructions:

1. Download INCONTROL-WEB-2.21.58 from the Intelbras download link.
2. Run the installer to upgrade from an affected version.
3. Restart the system to ensure the updated service loads properly.

🔧 Temporary Workarounds

Restrict Local Access

Platform: all

Limit local user access to systems running InControl to reduce attack surface.

Service Path Hardening

Platform: windows

Manually quote the service path in the Windows registry so that the Service Control Manager no longer tries space-delimited prefixes of the path. The command below assumes the default installation path; confirm the path the service actually uses (in the Services console or with sc qc) before writing it, and keep any command-line arguments that follow the executable.

reg add "HKLM\SYSTEM\CurrentControlSet\Services\incontrolWebcam" /v ImagePath /t REG_EXPAND_SZ /d "\"C:\Program Files\Intelbras\InControl\incontrolWebcam.exe\"" /f
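The reg add command above hard-codes one installation path. The following PowerShell script is an added example, not part of the Intelbras advisory: it reads the ImagePath the service actually registered, reports whether it has the unquoted-path weakness (no leading quote and a space inside the executable portion), and quotes only the executable while preserving any arguments. The service name incontrolWebcam comes from the advisory; everything else is read from the registry at run time. Run it from an elevated session.

```powershell
# Added example (not from the advisory): audit and repair an unquoted service ImagePath.
# Assumes the service name "incontrolWebcam" (from the advisory); the path is read
# from HKLM, not hard-coded. Requires an elevated PowerShell session to write.

function Get-ServiceImagePath {
    param([Parameter(Mandatory)][string]$ServiceName)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
    if (-not (Test-Path $key)) { throw "Service '$ServiceName' is not registered" }
    (Get-ItemProperty -Path $key -Name ImagePath).ImagePath
}

function Test-UnquotedImagePath {
    param([Parameter(Mandatory)][string]$ImagePath)
    # A path that already starts with a quote is parsed as one token: not affected.
    if ($ImagePath.TrimStart().StartsWith('"')) { return $false }
    # Affected only when the executable portion (up to .exe) itself contains a space;
    # spaces in trailing arguments are harmless.
    if ($ImagePath -match '^(?<exe>.*?\.exe)(?<args>.*)$') {
        return $Matches.exe.Contains(' ')
    }
    return $false   # not an .exe entry we can reason about (e.g. svchost-style entries)
}

function Repair-ServiceImagePath {
    param(
        [Parameter(Mandatory)][string]$ServiceName,
        [switch]$WhatIf   # preview the change without writing the registry
    )
    $image = Get-ServiceImagePath -ServiceName $ServiceName
    if (-not (Test-UnquotedImagePath -ImagePath $image)) {
        Write-Host "[$ServiceName] ImagePath is already safe: $image"
        return
    }
    $null = $image -match '^(?<exe>.*?\.exe)(?<args>.*)$'
    $fixed = '"' + $Matches.exe + '"' + $Matches.args   # arguments are kept verbatim
    Write-Host "[$ServiceName] unquoted path with spaces`n  before: $image`n  after:  $fixed"
    if ($WhatIf) { return }
    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName" `
        -Name ImagePath -Value $fixed -Type ExpandString
    Write-Host "[$ServiceName] ImagePath updated; restart the service (or the system) to apply."
}

# Fleet-style audit of every service on the host, using the same test:
function Get-UnquotedServices {
    Get-CimInstance Win32_Service |
        Where-Object { $_.PathName -and (Test-UnquotedImagePath -ImagePath $_.PathName) } |
        Select-Object Name, StartName, PathName
}

# Preview first, then apply by dropping -WhatIf:
Repair-ServiceImagePath -ServiceName 'incontrolWebcam' -WhatIf
# Repair-ServiceImagePath -ServiceName 'incontrolWebcam'
Get-UnquotedServices | Format-Table -AutoSize
```

The Get-UnquotedServices listing is worth running even after patching to 2.21.58, since the same weakness in any other service on the host gives the same local privilege escalation; Test-UnquotedImagePath deliberately ignores spaces that appear only in arguments after the .exe, which is the usual source of false positives in quick one-line checks.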

🧯 If You Can't Patch

  • Implement strict least-privilege access controls to limit local user permissions.
  • Monitor and audit service execution paths and privilege escalation attempts.

🔍 How to Verify

Check if Vulnerable:

Check InControl version via application interface or installed programs list. Versions 2.21.56 or 2.21.57 are vulnerable.

Check Version:

Check application settings or installed programs for version number.

Verify Fix Applied:

Confirm version is updated to 2.21.58 and verify the incontrolWebcam Service is running from the patched executable.

📡 Detection & Monitoring

Log Indicators:

  • Unusual service path modifications in Windows Event Logs
  • Privilege escalation attempts from local accounts

Network Indicators:

  • Unusual outbound connections from the InControl service

SIEM Query (template; adapt field names to your SIEM):

EventID=4688 AND ProcessName="incontrolWebcam.exe" AND CommandLine CONTAINS unquoted path

"CONTAINS unquoted path" is not a literal operator. The concrete condition is a process-creation event (4688, which requires process creation auditing to be enabled) whose new process name is a space-delimited prefix of the service path with .exe appended, started by services.exe; for the default installation path shown above that prefix is C:\Program.exe.
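The following PowerShell is an added example, not part of the advisory, that turns the query template above into a concrete hunt. It derives the prefix paths the Service Control Manager would try for a given unquoted ImagePath, then matches them against the New Process Name field of Security 4688 events. The sample events are constructed inline so the matching logic runs offline; Get-ProcessCreationEvents pulls real events from the Security log and assumes process creation auditing (4688) is enabled.

```powershell
# Added example (not from the advisory): hunt 4688 events for launches of the
# space-delimited prefixes of an unquoted service path.
# Assumptions: 4688 auditing is enabled for the live query; the sample events
# below are constructed, not real telemetry.

function Get-TruncatedPathCandidates {
    param([Parameter(Mandatory)][string]$ImagePath)
    # Strip surrounding quotes (if any) and trailing arguments so only the exe path remains.
    $exe = $ImagePath -replace '^\s*"([^"]*)".*$', '$1'
    if ($exe -match '^(?<exe>.*?\.exe)') { $exe = $Matches.exe }
    # CreateProcess tries each prefix that ends at a space, with ".exe" appended,
    # before it reaches the real binary.
    $parts = $exe -split ' '
    $cands = @()
    for ($i = 1; $i -lt $parts.Count; $i++) {
        $cands += (($parts[0..($i - 1)] -join ' ') + '.exe')
    }
    return $cands
}

function Find-TruncatedPathLaunches {
    param(
        [Parameter(Mandatory)][object[]]$Events,       # TimeCreated, SubjectUserName, NewProcessName, ParentProcessName
        [Parameter(Mandatory)][string[]]$Candidates
    )
    $set = [System.Collections.Generic.HashSet[string]]::new([StringComparer]::OrdinalIgnoreCase)
    foreach ($c in $Candidates) { $null = $set.Add($c) }
    $Events | Where-Object { $set.Contains($_.NewProcessName) }
}

function Get-ProcessCreationEvents {
    param([int]$MaxEvents = 5000)
    # Project the EventData fields of real 4688 events into flat objects.
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688 } -MaxEvents $MaxEvents -ErrorAction Stop |
        ForEach-Object {
            $x = [xml]$_.ToXml()
            $d = @{}
            foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
            [pscustomobject]@{
                TimeCreated       = $_.TimeCreated
                SubjectUserName   = $d['SubjectUserName']
                NewProcessName    = $d['NewProcessName']
                ParentProcessName = $d['ParentProcessName']
            }
        }
}

# Constructed sample events (not real telemetry): one normal service start, one
# launch of the truncated prefix, one unrelated user process.
$sample = @(
    [pscustomobject]@{ TimeCreated = '2024-10-01 08:00:01'; SubjectUserName = 'SYSTEM'
                       NewProcessName = 'C:\Program Files\Intelbras\InControl\incontrolWebcam.exe'
                       ParentProcessName = 'C:\Windows\System32\services.exe' },
    [pscustomobject]@{ TimeCreated = '2024-10-01 08:00:02'; SubjectUserName = 'SYSTEM'
                       NewProcessName = 'C:\Program.exe'
                       ParentProcessName = 'C:\Windows\System32\services.exe' },
    [pscustomobject]@{ TimeCreated = '2024-10-01 08:05:10'; SubjectUserName = 'alice'
                       NewProcessName = 'C:\Windows\System32\notepad.exe'
                       ParentProcessName = 'C:\Windows\explorer.exe' }
)

$cands = Get-TruncatedPathCandidates -ImagePath 'C:\Program Files\Intelbras\InControl\incontrolWebcam.exe'
Find-TruncatedPathLaunches -Events $sample -Candidates $cands | Format-Table -AutoSize

# Against the live Security log (elevated session, 4688 auditing enabled):
# Find-TruncatedPathLaunches -Events (Get-ProcessCreationEvents) -Candidates $cands
```

Only the C:\Program.exe row matches for the sample set. Any hit whose parent is services.exe and whose subject is SYSTEM means the service manager actually executed a file from the truncated path, which is the post-exploitation signal; the same candidate list is also useful as a file-integrity watch list (alert when any of those paths is created) before an execution ever occurs.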
