Bypass Vulnerability in Gallagher Controller 7000 Products
CVE-2023-6355

6.8MEDIUM

Key Information:

Vendor: Gallagher
Status: Controller 7000
Vendor: CVE Published:; 18 December 2023

What is CVE-2023-6355?

A vulnerability in the Gallagher Controller 7000 allows attackers to exploit an incorrect selection of fuse values. This misconfiguration can enable unauthorized access to local debug functionalities, circumventing existing protective measures. The affected versions include those prior to vCR9.00.231204b for 9.00, vCR8.90.231204a for 8.90, vCR8.80.231204a for 8.80, and vCR8.70.231204a for 8.70, presenting a significant security concern for users of this platform.

Affected Version(s)

Controller 7000 9.00

Controller 7000 8.90

Controller 7000 8.80

References

https://security.gallagher.com/Security-Advisories/CVE-20...

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 18, 2023
Vulnerability Reserved
Nov 28, 2023