Denial of Service Vulnerability in Gallagher Controllers 6000 and 7000
CVE-2023-22439

3.1LOW

Key Information:

Vendor: Gallagher
Status: Controller 6000/ Controller 7000
Vendor: CVE Published:; 18 December 2023

What is CVE-2023-22439?

A vulnerability has been identified in the Gallagher Controllers 6000 and 7000, which arises from improper input validation of large HTTP requests in the optional diagnostic web interface (Port 80). This vulnerability can be exploited to cause a Denial of Service, affecting accessibility to the diagnostic web interface. Products affected include various versions of Controller 6000 and 7000 prior to specific updates, underscoring the importance of keeping firmware up to date to protect against such security threats.

Affected Version(s)

Controller 6000/ Controller 7000 0 <= 8.50

Controller 6000/ Controller 7000 8.90

Controller 6000/ Controller 7000 8.80

References

https://security.gallagher.com/Security-Advisories/CVE-20...

CVSS V3.1

Score:

3.1

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 18, 2023
Vulnerability Reserved
Feb 3, 2023

Credit

Sebastian Toscano of Amazon Security

Kevin Schaller of Amazon Security