Lucene search

[email protected]CVE-2023-22439

HistoryDec 18, 2023 - 10:15 p.m.

CVE-2023-22439

2023-12-1822:15:07

CWE-20

[email protected]

web.nvd.nist.gov

cve-2023-22439

gallagher controller

input validation

dos

nvd

security issue

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

7.3 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.0005 Low

EPSS

Percentile

15.9%

JSON

Improper input validation of a large HTTP request in the Controller 6000 and Controller 7000 optional diagnostic web interface (Port 80) can be used to perform a Denial of Service of the diagnostic web interface.

This issue affects: Gallagher Controller 6000 and 7000 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior.

CPENameOperatorVersion
gallagher:controller_6000_firmwaregallagher controller 6000 firmwarele8.50
gallagher:controller_6000_firmwaregallagher controller 6000 firmwareeq8.40.220303a
gallagher:controller_6000_firmwaregallagher controller 6000 firmwareeq8.30
gallagher:controller_6000_firmwaregallagher controller 6000 firmwareeq8.30.220303a
gallagher:controller_6000_firmwaregallagher controller 6000 firmwareeq8.40
gallagher:controller_6000_firmwaregallagher controller 6000 firmwareeq-
gallagher:controller_6000_firmwaregallagher controller 6000 firmwareeq8.50
gallagher:controller_6000_firmwaregallagher controller 6000 firmwarelt8.60.231116a
gallagher:controller_6000_firmwaregallagher controller 6000 firmwareeq8.60.230201b
gallagher:controller_6000_firmwaregallagher controller 6000 firmwareeq8.60.220303a

CPE	Name	Operator	Version
gallagher:controller_6000_firmware	gallagher controller 6000 firmware	le	8.50
gallagher:controller_6000_firmware	gallagher controller 6000 firmware	eq	8.40.220303a
gallagher:controller_6000_firmware	gallagher controller 6000 firmware	eq	8.30
gallagher:controller_6000_firmware	gallagher controller 6000 firmware	eq	8.30.220303a
gallagher:controller_6000_firmware	gallagher controller 6000 firmware	eq	8.40
gallagher:controller_6000_firmware	gallagher controller 6000 firmware	eq	-
gallagher:controller_6000_firmware	gallagher controller 6000 firmware	eq	8.50
gallagher:controller_6000_firmware	gallagher controller 6000 firmware	lt	8.60.231116a
gallagher:controller_6000_firmware	gallagher controller 6000 firmware	eq	8.60.230201b
gallagher:controller_6000_firmware	gallagher controller 6000 firmware	eq	8.60.220303a

Rows per page:

1-10 of 181

References

security.gallagher.com/Security-Advisories/CVE-2023-22439

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

7.3 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.0005 Low

EPSS

Percentile

15.9%

JSON

Related for CVE-2023-22439

cvelist1 prion1