Lucene search

GallagherCVELIST:CVE-2023-41967

HistoryDec 18, 2023 - 10:00 p.m.

CVE-2023-41967

2023-12-1822:00:38

CWE-1272

Gallagher

www.cve.org

information exposure

gallagher controller 6000

debug/power state transition

configuration

diagnostic password

2.4 Low

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

4.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.9%

JSON

Sensitive information uncleared after debug/power state transition in the Controller 6000 could be abused by an attacker with knowledge of the Controller’s default diagnostic password and physical access to the Controller to view its configuration through the diagnostic web pages.

This issue affects: Gallagher Controller 6000 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), v8.60 or earlier.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Controller 6000",
    "vendor": "Gallagher",
    "versions": [
      {
        "lessThanOrEqual": "8.60",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      },
      {
        "lessThan": "vCR8.70.231204a",
        "status": "affected",
        "version": "8.70",
        "versionType": "custom"
      }
    ]
  }
]

References

security.gallagher.com/Security-Advisories/CVE-2023-41967

2.4 Low

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

4.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.9%

JSON

Related for CVELIST:CVE-2023-41967