CVE-2023-24584 - OpenCVE

Controller 6000 is vulnerable to a buffer overflow via the Controller diagnostic web interface upload feature. This issue affects Controller 6000: before vCR8.80.230201a, before vCR8.70.230201a, before vCR8.60.230201b, before vCR8.50.230201a, all versions of vCR8.40 and prior.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gallagher	Controller 6000 Controller 6000 Firmware

Configuration 1 [-]

AND

cpe:2.3:h:gallagher:controller_6000:-:*:*:*:*:*:*:*

OR	cpe:2.3:o:gallagher:controller_6000_firmware::::::::
	cpe:2.3:o:gallagher:controller_6000_firmware::::::::
	cpe:2.3:o:gallagher:controller_6000_firmware::::::::
	cpe:2.3:o:gallagher:controller_6000_firmware::::::::

No data.

References

Link	Providers
https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-24584

History

No history.

MITRE

Status: PUBLISHED

Assigner: Gallagher

Published: 2023-06-01T04:08:35.754Z

Updated: 2024-08-02T11:03:18.735Z

Reserved: 2023-02-03T20:38:05.230Z

Link: CVE-2023-24584

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-06-01T05:15:09.767

Modified: 2023-06-08T15:54:51.820

Link: CVE-2023-24584

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-24584", "assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "state": "PUBLISHED", "assignerShortName": "Gallagher", "dateReserved": "2023-02-03T20:38:05.230Z", "datePublished": "2023-06-01T04:08:35.754Z", "dateUpdated": "2024-08-02T11:03:18.735Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "shortName": "Gallagher", "dateUpdated": "2023-06-01T04:08:35.754Z"}, "title": "Controller 6000 buffer overflow via upload feature in web interface", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", "type": "CWE"}]}], "affected": [{"vendor": "Gallagher", "product": "Controller 6000", "versions": [{"status": "affected", "version": "0", "lessThan": "vCR8.80.230201a", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "vCR8.70.230201a", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "vCR8.60.230201b", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "vCR8.50.230201a", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "\nController 6000 is vulnerable to a buffer overflow via the Controller diagnostic web interface upload feature. \n\n\n\n\nThis issue affects Controller 6000: before vCR8.80.230201a, before vCR8.70.230201a, before vCR8.60.230201b, before vCR8.50.230201a,\u00a0all versions of vCR8.40 and prior.\n\n", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>\n\n<span style=\"background-color: rgb(255, 255, 255);\">Controller 6000 is vulnerable to a buffer overflow via the Controller diagnostic web interface upload feature. </span>\n\n<br></p><p>This issue affects Controller 6000: before vCR8.80.230201a, before vCR8.70.230201a, before vCR8.60.230201b, before vCR8.50.230201a, <span style=\"background-color: rgb(255, 255, 255);\">all versions of vCR8.40 and prior.</span></p>"}]}], "references": [{"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-24584"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}}], "workarounds": [{"lang": "en", "value": "\nEnsure dipswitch 1 is turned off on all Controllers and the option, \"Dipswitch 1 controls the diagnostic web interface\", is not checked in Configuration Client on Controller property pages. Do not use the Controller override, \"Enable WWW Connections\". Refer to the Gallagher Command Centre Hardening Guide for more details.\n\n\n", "supportingMedia": [{"type": "text/html", "base64": false, "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Ensure dipswitch 1 is turned off on all Controllers and the option, \"Dipswitch 1 controls the diagnostic web interface\", is not checked in Configuration Client on Controller property pages. Do not use the Controller override, \"Enable WWW Connections\". Refer to the Gallagher Command Centre Hardening Guide for more details.</span>\n\n<br>"}]}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:03:18.735Z"}, "title": "CVE Program Container", "references": [{"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-24584", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:gallagher:controller_6000:-:*:*:*:*:*:*:*", "matchCriteriaId": "5AF2B03B-B033-439F-8CEE-334FA8053278", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:gallagher:controller_6000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D2145115-B3C0-450E-B8E4-F9E0CA60E532", "versionEndExcluding": "8.50.230201a", "vulnerable": true}, {"criteria": "cpe:2.3:o:gallagher:controller_6000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1C59CC87-0F34-4B34-A8E9-4A8EC922067F", "versionEndExcluding": "8.60.230201b", "versionStartIncluding": "8.60", "vulnerable": true}, {"criteria": "cpe:2.3:o:gallagher:controller_6000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "33EB0365-40C7-4750-A013-37B655A24FE4", "versionEndExcluding": "8.70.230201a", "versionStartIncluding": "8.70", "vulnerable": true}, {"criteria": "cpe:2.3:o:gallagher:controller_6000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F952C1B-EA21-4179-A8CF-84952EBE2478", "versionEndExcluding": "8.80.230201a", "versionStartIncluding": "8.80", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\nController 6000 is vulnerable to a buffer overflow via the Controller diagnostic web interface upload feature. \n\n\n\n\nThis issue affects Controller 6000: before vCR8.80.230201a, before vCR8.70.230201a, before vCR8.60.230201b, before vCR8.50.230201a,\u00a0all versions of vCR8.40 and prior.\n\n"}], "id": "CVE-2023-24584", "lastModified": "2023-06-08T15:54:51.820", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "disclosures@gallagher.com", "type": "Secondary"}]}, "published": "2023-06-01T05:15:09.767", "references": [{"source": "disclosures@gallagher.com", "tags": ["Vendor Advisory"], "url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-24584"}], "sourceIdentifier": "disclosures@gallagher.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-120"}], "source": "disclosures@gallagher.com", "type": "Secondary"}]}