virus logo Threat Signal Report

Nice Linear eMerge Command Injection Vulnerability

What is the vulnerability?

Cyber threat actors are actively targeting Linear eMerge E3-Series to exploit a 5-year-old critical vulnerability. The vulnerability tracked as CVE-2019-7256 is a command injection flaw that could allow an attacker to cause remote code execution and full access to the system. The Nice Linear eMerge E3-Series is a popular access control system used in various commercial and industrial environments worldwide which underscores the importance of the potential widespread impact of this vulnerability.

What is the recommended Mitigation?

Nice has released a security bulletin that advises users to apply the latest firmware to mitigate the risk and recommends defensive measures to minimize the risk of exploitation. https://linear-solutions.com/wp-content/uploads/Service-Bulletin-for-Telephone-Entry-Products-04-12-2023.pdf

What FortiGuard Coverage is available?

FortiGuard Labs has an existing IPS signature "Linear.eMerge.card_scan_decoder.php.Command.Injection" to block any attack attempts targeting the vulnerability and has an OT virtual patch available for auto-patching.
Fortinet customers remain protected by the vulnerability; however, it is recommended to apply firmware patches released by the vendor to mitigate any risks.

description-logoOutbreak Alert

The vulnerability tracked as CVE-2019-7256 affecting an access control system called Linear eMerge E3-Series is affected by an OS command injection flaw that could allow an attacker to cause remote code execution and full access to the system.

View the full Outbreak Alert Report

Additional Resources

Nice (Security Bulletin)


Released Date Mar 26, 2024
Tags Nice Linear eMerge Attack Threat Signal Vulnerability
CVE ID

Experienced a Breach? We're here to help

FortiGuard Incident Response Services
FortiGuard Incident Response Services
Outbreak Alert Outbreak Alert
About FortiGuard Threat Signal

Learn More »