History: Dec 18, 2023 - 10:00 p.m.

CVE-2023-41967

2023-12-18 22:00:38
CWE-1272
Gallagher
www.cve.org
information exposure
gallagher controller 6000
debug/power state transition
configuration
diagnostic password

CVSS3: 2.4 Low

Attack Vector: PHYSICAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score: 4.9 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 20.7%)

Sensitive information uncleared after debug/power state transition in the Controller 6000 could be abused by an attacker with knowledge of the Controller’s default diagnostic password and physical access to the Controller to view its configuration through the diagnostic web pages.

This issue affects Gallagher Controller 6000: 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), and v8.60 or earlier.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Controller 6000",
    "vendor": "Gallagher",
    "versions": [
      {
        "lessThanOrEqual": "8.60",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      },
      {
        "lessThan": "vCR8.70.231204a",
        "status": "affected",
        "version": "8.70",
        "versionType": "custom"
      }
    ]
  }
]
