9.8
CVE-2023-24584
- EPSS 0.42%
- Veröffentlicht 01.06.2023 05:15:09
- Zuletzt bearbeitet 21.11.2024 07:48:10
- Quelle disclosures@gallagher.com
- CVE-Watchlists
- Unerledigt
LoginController 6000 is vulnerable to a buffer overflow via the Controller diagnostic web interface upload feature. This issue affects Controller 6000: before vCR8.80.230201a, before vCR8.70.230201a, before vCR8.60.230201b, before vCR8.50.230201a, all versions of vCR8.40 and prior.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Gallagher ≫ Controller 6000 Firmware Version < 8.50.230201a
Gallagher ≫ Controller 6000 Firmware Version >= 8.60 < 8.60.230201b
Gallagher ≫ Controller 6000 Firmware Version >= 8.70 < 8.70.230201a
Gallagher ≫ Controller 6000 Firmware Version >= 8.80 < 8.80.230201a
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.42% | 0.613 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| disclosures@gallagher.com | 7.5 | 1.6 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.