Input validation

2023-12-1822:15:00

PRIOn knowledge base

www.prio-n.com

input validation

http request

controller 6000

controller 7000

denial of service

gallagher

vcr8.90.231204a

vcr8.80.231204a

vcr8.70.231204a

vcr8.60.231116a

nvd

7 High

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.0%

JSON

Improper input validation of a large HTTP request in the Controller 6000 and Controller 7000 optional diagnostic web interface (Port 80) can be used to perform a Denial of Service of the diagnostic web interface.

This issue affects: Gallagher Controller 6000 and 7000 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior.

CPENameOperatorVersion
command_centrele8.50
command_centrege8.60
command_centrelt8.60.231116
command_centrege8.70
command_centrelt8.70.231204
command_centrege8.80
command_centrelt8.80.231204
command_centrege8.90
command_centrelt8.90.231204
controller_6000_firmwarele8.50

Name	Operator	Version
command_centre	le	8.50
command_centre	ge	8.60
command_centre	lt	8.60.231116
command_centre	ge	8.70
command_centre	lt	8.70.231204
command_centre	ge	8.80
command_centre	lt	8.80.231204
command_centre	ge	8.90
command_centre	lt	8.90.231204
controller_6000_firmware	le	8.50