cvelist / Gallagher / CVELIST:CVE-2023-24584
History: Jun 01, 2023 - 4:08 a.m.

CVE-2023-24584 Controller 6000 buffer overflow via upload feature in web interface

2023-06-01 04:08:35
CWE-120
Gallagher
www.cve.org

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 10
Confidence: High

EPSS: 0.002
Percentile: 56.9%

Controller 6000 is vulnerable to a buffer overflow via the Controller diagnostic web interface upload feature.

This issue affects Controller 6000: before vCR8.80.230201a, before vCR8.70.230201a, before vCR8.60.230201b, before vCR8.50.230201a, all versions of vCR8.40 and prior.

CNA Affected

[
  {
    "vendor": "Gallagher",
    "product": "Controller 6000",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "vCR8.80.230201a",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "0",
        "lessThan": "vCR8.70.230201a",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "0",
        "lessThan": "vCR8.60.230201b",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "0",
        "lessThan": "vCR8.50.230201a",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
