CVE-2023-6355

Version of Command Centre affected: 9.00 prior to vCR9.00.231204b (distributed in 9.00.1507 (MR1)), 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)).

Reported by: Gallagher Internal

Active exploitation of vulnerability*: No

Description of vulnerability: Incorrect selection of fuse values in the Controller 7000 platform allows an attacker to bypass some protection mechanisms to enable local debug.

This issue affects: Gallagher Controller 7000 9.00 prior to vCR9.00.231204b (distributed in 9.00.1507 (MR1)), 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)).

Mitigation: None

Maintenance releases are now available for:

• v9.00 – v9.00.1507 (MR1)
• v8.90 – v8.90.1620 (MR2)
• v8.80 – v8.80.1369 (MR3)
•  v8.70 – v8.70.2375 (MR5)

Important notes:

*This indicates whether Gallagher are aware of this being actively exploited against customer sites at the time of publication.