CVE-2022-26078

Severity: High CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Components affected: Gallagher Controller 6000
Version of Command Centre affected: 8.60 prior to vCR8.60.220303a (distributed in 8.60.1652 (MR2)), 8.50 prior to vCR8.50.220303a (distributed in 8.50.2245 (MR4)), 8.40 prior to vCR8.40.220303a (distributed in 8.40.2216 (MR5)), 8.30 prior to vCR8.30.220303a (distributed in 8.30.1470 (MR5))
Reported by: Customer reported
Active exploitation of vulnerability*: No
Description of vulnerability: Gallagher Controller 6000 is vulnerable to a Denial of Service attack via conflicting ARP packets with a duplicate IP address. This issue affects: Gallagher Controller 6000 8.60 prior to vCR8.60.220303a (distributed in 8.60.1652 (MR2)), 8.50 prior to vCR8.50.220303a (distributed in 8.50.2245 (MR4)), 8.40 prior to vCR8.40.220303a (distributed in 8.40.2216 (MR5)), 8.30 prior to vCR8.30.220303a (distributed in 8.30.1470 (MR5))
Mitigation: Segregate networks to reduce likelihood of attack

Maintenance releases are now available for:

• v8.60 - v8.60.1652 (MR2)

• v8.50 - v8.50.2245 (MR4)

• v8.40 - v8.40.2216 (MR5)

• v8.30 - v8.30.1470 (MR5)

*This indicates whether Gallagher are aware of this being actively exploited against customer sites at the time of publication.