External Control Vulnerability in Gallagher Controller 6000 and 7000 Products
CVE-2024-22387

6.8 MEDIUM

Key Information:

Vendor: Gallagher
Status
Controller 6000 And Controller 7000
Vendor
CVE Published: 11 July 2024

Summary

A security vulnerability has been identified in Gallagher's Controller 6000 and 7000 diagnostic web interface, which is susceptible to external control of critical state data (CWE-642). This weakness allows authenticated users to modify input/output connections of the device, potentially resulting in uncontrolled system behavior that could jeopardize physical site security measures. Gallagher recommends that the diagnostic web page, which is disabled by default, should only be enabled under the guidance of Gallagher technical support to prevent unauthorized access and manipulation of sensitive equipment.

Affected Version(s)

Controller 6000 and Controller 7000 0 <= 8.60

Controller 6000 and Controller 7000 9.10

CVSS V3.1

Score: 6.8
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
