Format String Vulnerability in Gallagher Controller 6000
CVE-2023-24590

7.5 HIGH

Key Information:

Vendor

Gallagher

CVE Published:
18 December 2023

What is CVE-2023-24590?

The Gallagher Controller 6000 contains a format string vulnerability in its optional diagnostic web interface. Because attacker-controlled input reaches a printf-style format argument, a remote attacker can read from and write to controller memory, which can corrupt memory and cause unpredictable behaviour, including crashes and Denial of Service (DoS). Affected releases are 8.60 builds prior to vCR8.60.231116a and all releases 8.50 and earlier; controllers that have not been patched remain exposed. Since the diagnostic web interface is optional, checking whether it is enabled is the first step in assessing exposure, and leaving it disabled until the patch is applied removes that attack surface.
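The following C program is an added illustration of the bug class described above; it is not code from Gallagher or from the controller firmware, and the function names, the request text and the logging helper are constructed for the example. It places the vulnerable call site (client text used as the format) beside the fixed one (client text passed as a `%s` argument), shows what the `%n` directive writes when it consumes a pointer, and adds a small input check a diagnostic endpoint can use to log attempts.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for a firmware logging routine (hypothetical name): formats into
 * a caller-supplied buffer and returns the byte count vsnprintf reports. */
static int diag_log(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/* VULNERABLE call site: the client-supplied string is the format itself.
 * Any %x/%p/%s in it consumes arguments that were never passed (undefined
 * behaviour; in practice it reads registers and then walks the stack), and
 * a %n writes through whatever pointer-sized value it pulls from there. */
static int log_client_vulnerable(char *out, size_t outlen, const char *client_msg)
{
    return diag_log(out, outlen, client_msg);
}

/* FIXED call site: the client string is only ever data for a %s, so
 * directives inside it are copied verbatim instead of being interpreted. */
static int log_client_fixed(char *out, size_t outlen, const char *client_msg)
{
    return diag_log(out, outlen, "%s", client_msg);
}

/* Defence in depth for an input that should never need a conversion:
 * returns 1 if s contains a '%' directive other than the literal "%%".
 * Useful for alerting on probes; it is not a substitute for the fix above. */
static int has_format_directive(const char *s)
{
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* "%%" prints a literal percent sign */
            s++;
            continue;
        }
        return 1;
    }
    return 0;
}

/* Shows the write primitive %n provides: it stores the number of bytes
 * emitted so far through the next pointer argument. The pointer is supplied
 * explicitly here so the demo is deterministic; at the vulnerable call site
 * an attacker instead arranges for a stack slot to hold the target address. */
static int demo_n_write(void)
{
    int written = -1;
    char out[32];
    diag_log(out, sizeof out, "AAAA%n", &written);
    return written;             /* 4: "AAAA" was emitted before %n */
}

int main(void)
{
    /* Constructed probe string, not a request captured from a real device. */
    const char *probe = "%08x.%08x.%08x";
    char out[128];

    log_client_vulnerable(out, sizeof out, probe);  /* leaks stack/register words */
    printf("vulnerable: %s\n", out);
    log_client_fixed(out, sizeof out, probe);       /* echoes the probe verbatim */
    printf("fixed:      %s\n", out);
    printf("directive present: %d, %%n wrote: %d\n",
           has_format_directive(probe), demo_n_write());
    return 0;
}
```

Compile with `cc -Wall -Wformat=2 example.c`: the `-Wformat-nonliteral` warning on the vulnerable call site is exactly the signal an audit of firmware logging code looks for, and the fixed call site produces none.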

Affected Version(s)

Controller 6000 <= 8.50 (all 8.50 and earlier releases)

Controller 6000 8.60 < 8.60.231116a (fixed in vCR8.60.231116a)

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability reserved

  • Vulnerability published: 18 December 2023

Credit

Sebastian Toscano of Amazon Security
Kevin Schaller of Amazon Security