LOW🇵🇱 Wersja polska

CVE-2023-22439

CVSS 3.1v3.1pub. 2023-12-18upd. 2024-11-21

Improper input validation of a large HTTP request in the Controller 6000 and Controller 7000 optional diagnostic web interface (Port 80) can be used to perform a Denial of Service of the diagnostic web interface. This issue affects: Gallagher Controller 6000 and 7000 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
  • Gallagher Command Centre

    APP
    Gallagher
    ≤ 8.508.60 – 8.60.231116a (bez)8.70 – 8.70.231204a (bez)8.80 – 8.80.231204a (bez)8.90 – 8.90.231204a (bez)
  • Gallagher Controller 6000

    HW
    Gallagher
    wszystkie wersje
  • Gallagher Controller 6000 Firmware

    OS
    Gallagher
    ≤ 8.508.60 – 8.60.231116a (bez)8.70 – 8.70.231204a (bez)8.80 – 8.80.231204a (bez)8.90 – 8.90.231204a (bez)
  • Gallagher Controller 7000

    HW
    Gallagher
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
DoS
CWE
References

Related vulnerabilities

CVE-2024-21815CRITICAL9.1PL ✓ten sam produkt

Gallagher Command Centre: niechronione dane uwierzytelniające integracji DVR

CVE-2021-23230CRITICAL9.9ten sam produkt

A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged ...

CVE-2021-23140CRITICAL9.9ten sam produkt

Improper Authorization vulnerability in Gallagher Command Centre Server allows command line macros to be modif...

CVE-2020-16098CRITICAL9.8ten sam produkt

It is possible to enumerate access card credentials via an unauthenticated network connection to the server in...

CVE-2020-16096CRITICAL9.9ten sam produkt

In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.00 prior to 8.00.1161(MR5), 7.90 prior to...