Arbitrary Code Execution Vulnerability Affects Controller Products
CVE-2024-23317

6.3MEDIUM

Key Information:

Vendor: Gallagher
Status: Controller 6000 And Controller 7000
Vendor: CVE Published:; 11 July 2024

What is CVE-2024-23317?

External Control of File Name or Path (CWE-73) in the Controller 6000 and Controller 7000 allows an attacker with local access to the Controller to perform arbitrary code execution.

This issue affects: 9.10 prior to vCR9.10.240520a (distributed in 9.10.1268(MR1)), 9.00 prior to vCR9.00.240521a (distributed in 9.00.1990(MR3)), 8.90 prior to vCR8.90.240520a (distributed in 8.90.1947 (MR4)), 8.80 prior to vCR8.80.240520a (distributed in 8.80.1726 (MR5)), 8.70 prior to vCR8.70.240520a (distributed in 8.70.2824 (MR7)), all versions of 8.60 and prior.

Affected Version(s)

Controller 6000 and Controller 7000 0

Controller 6000 and Controller 7000 0 < 8.60

Controller 6000 and Controller 7000 9.10

References

https://security.gallagher.com/Security-Advisories/CVE-20...

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 11, 2024
Vulnerability Reserved
Feb 5, 2024

Gallagher

What is CVE-2024-23317?

Affected Version(s)

References

CVSS V3.1

Timeline