CVE-2024-23317

EPSS 0.17%
Veröffentlicht 11.07.2024 03:15:03
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle disclosures@gallagher.com
CVE-Watchlists
Login
Unerledigt
Login

External Control of File Name or Path (CWE-73) in the Controller 6000 and Controller 7000 allows an attacker with local access to the Controller to perform arbitrary code execution. 

This issue affects: 9.10 prior to vCR9.10.240520a (distributed in 9.10.1268(MR1)), 9.00 prior to vCR9.00.240521a (distributed in 9.00.1990(MR3)), 8.90 prior to vCR8.90.240520a (distributed in 8.90.1947 (MR4)), 8.80 prior to vCR8.80.240520a (distributed in 8.80.1726 (MR5)), 8.70 prior to vCR8.70.240520a (distributed in 8.70.2824 (MR7)), all versions of 8.60 and prior.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

CNA 12 VulnDex Vulnerability Enrichment 4

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

Herstellergallagher

≫

Produkt controller_6000_firmware

Default Statusaffected

Version <= 8.60

Version 0

Status affected

Herstellergallagher

≫

Produkt controller_6000_firmware

Default Statusaffected

Version 8.70

Version < 8.70.240520a

Status affected

Herstellergallagher

≫

Produkt controller_6000_firmware

Default Statusaffected

Version 8.80

Version < 8.80.240520a

Status affected

Herstellergallagher

≫

Produkt controller_6000_firmware

Default Statusaffected

Version 8.90

Version < 8.90.240520a

Status affected

Herstellergallagher

≫

Produkt controller_6000_firmware

Default Statusaffected

Version 9.00

Version < 9.00.240521a

Status affected

Herstellergallagher

≫

Produkt controller_6000_firmware

Default Statusaffected

Version 9.10

Version < 9.10.240520a

Status affected

Herstellergallagher

≫

Produkt controller_7000_firmware

Default Statusaffected

Version <= 8.60

Version 0

Status affected

Herstellergallagher

≫

Produkt controller_7000_firmware

Default Statusaffected

Version 8.70

Version < 8.70.240520a

Status affected

Herstellergallagher

≫

Produkt controller_7000_firmware

Default Statusaffected

Version 8.80

Version < 8.80.240520a

Status affected

Herstellergallagher

≫

Produkt controller_7000_firmware

Default Statusaffected

Version 8.90

Version < 8.90.240520a

Status affected

Herstellergallagher

≫

Produkt controller_7000_firmware

Default Statusaffected

Version 9.00

Version < 9.00.240521a

Status affected

Herstellergallagher

≫

Produkt controller_7000_firmware

Default Statusaffected

Version 9.10

Version < 9.10.240520a

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.17%	0.06

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
disclosures@gallagher.com	6.3	0.8	5.5	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

CWE-73 External Control of File Name or Path

The product allows user input to control or influence paths or file names that are used in filesystem operations.

https://security.gallagher.com/Security-Advisories/CVE-2024-23317

https://nvd.nist.gov/vuln/detail/CVE-2024-23317

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-23317

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-23317

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-23317