6.8
CVE-2023-6355
- EPSS 0.01%
- Veröffentlicht 18.12.2023 22:15:10
- Zuletzt bearbeitet 21.11.2024 08:43:41
- Quelle disclosures@gallagher.com
- CVE-Watchlists
- Unerledigt
LoginIncorrect selection of fuse values in the Controller 7000 platform allows an attacker to bypass some protection mechanisms to enable local debug. This issue affects: Gallagher Controller 7000 9.00 prior to vCR9.00.231204b (distributed in 9.00.1507 (MR1)), 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Gallagher ≫ Controller 7000 Firmware Version >= 8.70 < 8.70.231204a
Gallagher ≫ Controller 7000 Firmware Version >= 8.80 < 8.80.231204a
Gallagher ≫ Controller 7000 Firmware Version >= 8.90 < 8.90.231204a
Gallagher ≫ Controller 7000 Firmware Version >= 9.00 < 9.00.231204b
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.01% | 0.013 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 0.9 | 5.9 |
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| disclosures@gallagher.com | 6.8 | 0.9 | 5.9 |
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-1253 Incorrect Selection of Fuse Values
The logic level used to set a system to a secure state relies on a fuse being unblown. An attacker can set the system to an insecure state merely by blowing the fuse.
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.