MEDIUM🇵🇱 Wersja polska

CVE-2023-6355

CVSS 6.8v3.1pub. 2023-12-18upd. 2024-11-21

Incorrect selection of fuse values in the Controller 7000 platform allows an attacker to bypass some protection mechanisms to enable local debug. This issue affects: Gallagher Controller 7000 9.00 prior to vCR9.00.231204b (distributed in 9.00.1507 (MR1)), 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)).

CVSS Vector
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Gallagher Controller 7000

    HW
    Gallagher
    wszystkie wersje
  • Gallagher Controller 7000 Firmware

    OS
    Gallagher
    8.70 – 8.70.231204a (bez)8.80 – 8.80.231204a (bez)8.90 – 8.90.231204a (bez)9.00 – 9.00.231204b (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-22439LOW3.1ten sam produkt

Improper input validation of a large HTTP request in the Controller 6000 and Controller 7000 optional diagnos...

CVE-2024-21815CRITICAL9.1PL ✓ten sam vendor

Gallagher Command Centre: niechronione dane uwierzytelniające integracji DVR

CVE-2021-23155CRITICAL9.0ten sam vendor

Improper validation of the cloud certificate chain in Mobile Client allows man-in-the-middle attack to imperso...

CVE-2021-23230CRITICAL9.9ten sam vendor

A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged ...

CVE-2021-23140CRITICAL9.9ten sam vendor

Improper Authorization vulnerability in Gallagher Command Centre Server allows command line macros to be modif...