CVE-2023-6355

Severity: Medium CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Components affected: Controller 7000 and Controller 7000 Single Door Controller

Version of Command Centre affected: 9.00 prior to vCR9.00.231204b (distributed in 9.00.1507 (MR1)), 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)).

Reported by: Gallagher Internal

Active exploitation of vulnerability*: No

Description of vulnerability: Incorrect selection of fuse values in the Controller 7000 platform allows an attacker to bypass some protection mechanisms to enable local debug.

This issue affects: Gallagher Controller 7000 9.00 prior to vCR9.00.231204b (distributed in 9.00.1507 (MR1)), 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)).

Mitigation: None

Maintenance releases are now available for:

  • v9.00 – v9.00.1507 (MR1)
  • v8.90 – v8.90.1620 (MR2)
  • v8.80 – v8.80.1369 (MR3)
  •  v8.70 – v8.70.2375 (MR5)

Important notes:

*This indicates whether Gallagher are aware of this being actively exploited against customer sites at the time of publication.

Stay up to date with Gallagher

Get the latest Gallagher news, updates, and event information delivered straight to your inbox.

Subscribe
X
Cookies help us improve your website experience.
By using our website, you agree to our use of cookies.
Confirm