Lucene search

[email protected]CVE-2023-41967

HistoryDec 18, 2023 - 10:15 p.m.

CVE-2023-41967

2023-12-1822:15:08

CWE-212

CWE-1272

[email protected]

web.nvd.nist.gov

cve-2023-41967

information security

data exposure

gallagher controller 6000

vulnerability

4.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7 High

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

19.7%

JSON

Sensitive information uncleared after debug/power state transition in the Controller 6000 could be abused by an attacker with knowledge of the Controller’s default diagnostic password and physical access to the Controller to view its configuration through the diagnostic web pages.

This issue affects: Gallagher Controller 6000 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), v8.60 or earlier.

CPENameOperatorVersion
gallagher:controller_6000_firmwaregallagher controller 6000 firmwarele8.60
gallagher:controller_6000_firmwaregallagher controller 6000 firmwareeq8.50.220303a
gallagher:controller_6000_firmwaregallagher controller 6000 firmwareeq8.40.220303a
gallagher:controller_6000_firmwaregallagher controller 6000 firmwareeq8.30
gallagher:controller_6000_firmwaregallagher controller 6000 firmwareeq8.30.220303a
gallagher:controller_6000_firmwaregallagher controller 6000 firmwareeq8.40
gallagher:controller_6000_firmwaregallagher controller 6000 firmwareeq8.50.230201a
gallagher:controller_6000_firmwaregallagher controller 6000 firmwareeq-
gallagher:controller_6000_firmwaregallagher controller 6000 firmwareeq8.60
gallagher:controller_6000_firmwaregallagher controller 6000 firmwareeq8.50

CPE	Name	Operator	Version
gallagher:controller_6000_firmware	gallagher controller 6000 firmware	le	8.60
gallagher:controller_6000_firmware	gallagher controller 6000 firmware	eq	8.50.220303a
gallagher:controller_6000_firmware	gallagher controller 6000 firmware	eq	8.40.220303a
gallagher:controller_6000_firmware	gallagher controller 6000 firmware	eq	8.30
gallagher:controller_6000_firmware	gallagher controller 6000 firmware	eq	8.30.220303a
gallagher:controller_6000_firmware	gallagher controller 6000 firmware	eq	8.40
gallagher:controller_6000_firmware	gallagher controller 6000 firmware	eq	8.50.230201a
gallagher:controller_6000_firmware	gallagher controller 6000 firmware	eq	-
gallagher:controller_6000_firmware	gallagher controller 6000 firmware	eq	8.60
gallagher:controller_6000_firmware	gallagher controller 6000 firmware	eq	8.50

Rows per page:

1-10 of 131

References

security.gallagher.com/Security-Advisories/CVE-2023-41967

4.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7 High

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

19.7%

JSON

Related for CVE-2023-41967

prion1 cvelist1