Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
A high-severity vulnerability in the deployment of Genetec RabbitMQ that allows a privilege escalation attack.
AnalysisAI
Local privilege escalation in Genetec RabbitMQ deployments and multiple dependent Genetec products allows a low-privileged local user to gain high-impact control over confidentiality, integrity, and availability. The flaw stems from incorrect permission assignment (CWE-732) in how Genetec deploys RabbitMQ, with no public exploit identified at time of analysis and an EPSS score of 0.01% indicating minimal predicted exploitation activity. The vendor (Genetec) discovered and disclosed the issue and has released fixed versions across the affected product line.
Technical ContextAI
The vulnerability resides in how Genetec packages and deploys the RabbitMQ message broker - a widely used AMQP messaging service - within its physical security and operations product suite. CPE data confirms impact across at least seven Genetec products that bundle the affected RabbitMQ deployment: Genetec RabbitMQ itself, Mission Control, Sipelia, Industrial IoT, Airport Operational Manager, Restricted Security Area, and Inter-System Gateway. The root cause is CWE-732 (Incorrect Permission Assignment for Critical Resource), meaning files, directories, services, or configuration objects associated with the RabbitMQ deployment are configured with overly permissive ACLs, allowing a local user with limited rights to modify or execute resources reserved for higher-privileged accounts (typically SYSTEM or the RabbitMQ service account).
RemediationAI
Apply the vendor-released patched versions per the Genetec security advisory: upgrade Genetec RabbitMQ to 3.13.7.19 or later, Mission Control to 3.4.1.0+, Sipelia to 2.11+, Industrial IoT to 6.0.196.0+ (or 5.5.118.0+ on the 5.x branch), Airport Operational Manager to 1.6+, Restricted Security Area to 5.2.1+, and Inter-System Gateway to 1.2+. Full details and downloads are available at https://resources.genetec.com/security-advisories/vulnerability-affecting-rabbitmq-deployment-in-genetec-products. Until patching is complete, compensating controls should focus on the local attack vector: restrict interactive and remote desktop logon to Genetec servers to administrators only (which prevents low-privileged users from reaching the vulnerable resource but breaks any operator workflows that require local console access), audit and tighten NTFS/service ACLs on the RabbitMQ installation directory and service configuration (side effect: may interfere with Genetec service startup if applied incorrectly - test in staging), and ensure endpoint detection is monitoring for unusual child processes spawned by RabbitMQ or Genetec service accounts.
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31848
GHSA-7vxw-69v7-42x7