4.3
CVE-2023-22439
- EPSS 0.06%
- Published 18.12.2023 22:15:07
- Last modified 21.11.2024 07:44:48
- Source disclosures@gallagher.com
Improper input validation of a large HTTP request in the Controller 6000 and Controller 7000 optional diagnostic web interface (Port 80) can be used to perform a Denial of Service of the diagnostic web interface. This issue affects: Gallagher Controller 6000 and 7000 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior.
Data provided by the National Vulnerability Database (NVD)
Gallagher ≫ Controller 6000 Firmware Version <= 8.50
Gallagher ≫ Controller 6000 Firmware Version >= 8.60 < 8.60.231116a
Gallagher ≫ Controller 6000 Firmware Version >= 8.70 < 8.70.231204a
Gallagher ≫ Controller 6000 Firmware Version >= 8.80 < 8.80.231204a
Gallagher ≫ Controller 6000 Firmware Version >= 8.90 < 8.90.231204a
Gallagher ≫ Command Centre Version <= 8.50
Gallagher ≫ Command Centre Version >= 8.60 < 8.60.231116a
Gallagher ≫ Command Centre Version >= 8.70 < 8.70.231204a
Gallagher ≫ Command Centre Version >= 8.80 < 8.80.231204a
Gallagher ≫ Command Centre Version >= 8.90 < 8.90.231204a
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.193 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L |
| disclosures@gallagher.com | 3.1 | 1.6 | 1.4 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L |
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.