Secured Door Locks Vulnerable to Power Save/Restore Operation (CWE-1304)
CVE-2024-23485

4.6MEDIUM

Key Information:

Vendor: Gallagher
Status: Controller 6000 And Controller 7000
Vendor: CVE Published:; 11 July 2024

What is CVE-2024-23485?

Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation (CWE-1304) in the Controller 6000 and 7000 can lead to secured door locks connected via Aperio Communication Hubs to momentarily allow free access.

This issue affects: Gallagher Controller 6000 and 7000 9.10 prior to vCR9.10.240520a (distributed in 9.10.1268(MR1)), 9.00 prior to vCR9.00.240521a (distributed in 9.00.1990(MR3)), 8.90 prior to vCR8.90.240520a (distributed in 8.90.1947 (MR4)), 8.80 prior to vCR8.80.240520a (distributed in 8.80.1726 (MR5)), 8.70 prior to vCR8.70.240520a (distributed in 8.70.2824 (MR7)), all versions of 8.60 and prior.

Affected Version(s)

Controller 6000 and Controller 7000 9.10

Controller 6000 and Controller 7000 9.00

References

https://security.gallagher.com/Security-Advisories/CVE-20...

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 11, 2024
Vulnerability Reserved
Feb 5, 2024