CVE-2023-24584 (GCVE-0-2023-24584)
Vulnerability from cvelistv5 – Published: 2023-06-01 04:08 – Updated: 2025-01-10 18:47
VLAI?
Summary
Controller 6000 is vulnerable to a buffer overflow via the Controller diagnostic web interface upload feature.
This issue affects Controller 6000: before vCR8.80.230201a, before vCR8.70.230201a, before vCR8.60.230201b, before vCR8.50.230201a, all versions of vCR8.40 and prior.
Severity ?
7.5 (High)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Controller 6000 |
Affected:
0 , < vCR8.80.230201a
(custom)
Affected: 0 , < vCR8.70.230201a (custom) Affected: 0 , < vCR8.60.230201b (custom) Affected: 0 , < vCR8.50.230201a (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:03:18.735Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-24584"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-24584",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-10T18:46:54.400796Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-10T18:47:07.773Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Controller 6000",
"vendor": "Gallagher",
"versions": [
{
"lessThan": "vCR8.80.230201a",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vCR8.70.230201a",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vCR8.60.230201b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vCR8.50.230201a",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eController 6000 is vulnerable to a buffer overflow via the Controller diagnostic web interface upload feature. \u003c/span\u003e\n\n\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Controller 6000: before vCR8.80.230201a, before vCR8.70.230201a, before vCR8.60.230201b, before vCR8.50.230201a,\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eall versions of vCR8.40 and prior.\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "\nController 6000 is vulnerable to a buffer overflow via the Controller diagnostic web interface upload feature. \n\n\n\n\nThis issue affects Controller 6000: before vCR8.80.230201a, before vCR8.70.230201a, before vCR8.60.230201b, before vCR8.50.230201a,\u00a0all versions of vCR8.40 and prior.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-01T04:08:35.754Z",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-24584"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Controller 6000 buffer overflow via upload feature in web interface",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEnsure dipswitch 1 is turned off on all Controllers and the option, \"Dipswitch 1 controls the diagnostic web interface\", is not checked in Configuration Client on Controller property pages. Do not use the Controller override, \"Enable WWW Connections\". Refer to the Gallagher Command Centre Hardening Guide for more details.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nEnsure dipswitch 1 is turned off on all Controllers and the option, \"Dipswitch 1 controls the diagnostic web interface\", is not checked in Configuration Client on Controller property pages. Do not use the Controller override, \"Enable WWW Connections\". Refer to the Gallagher Command Centre Hardening Guide for more details.\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2023-24584",
"datePublished": "2023-06-01T04:08:35.754Z",
"dateReserved": "2023-02-03T20:38:05.230Z",
"dateUpdated": "2025-01-10T18:47:07.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:gallagher:controller_6000_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"8.50.230201a\", \"matchCriteriaId\": \"D2145115-B3C0-450E-B8E4-F9E0CA60E532\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:gallagher:controller_6000_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.60\", \"versionEndExcluding\": \"8.60.230201b\", \"matchCriteriaId\": \"1C59CC87-0F34-4B34-A8E9-4A8EC922067F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:gallagher:controller_6000_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.70\", \"versionEndExcluding\": \"8.70.230201a\", \"matchCriteriaId\": \"33EB0365-40C7-4750-A013-37B655A24FE4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:gallagher:controller_6000_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.80\", \"versionEndExcluding\": \"8.80.230201a\", \"matchCriteriaId\": \"3F952C1B-EA21-4179-A8CF-84952EBE2478\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:gallagher:controller_6000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5AF2B03B-B033-439F-8CEE-334FA8053278\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"\\nController 6000 is vulnerable to a buffer overflow via the Controller diagnostic web interface upload feature. \\n\\n\\n\\n\\nThis issue affects Controller 6000: before vCR8.80.230201a, before vCR8.70.230201a, before vCR8.60.230201b, before vCR8.50.230201a,\\u00a0all versions of vCR8.40 and prior.\\n\\n\"}]",
"id": "CVE-2023-24584",
"lastModified": "2024-11-21T07:48:10.787",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"disclosures@gallagher.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
"published": "2023-06-01T05:15:09.767",
"references": "[{\"url\": \"https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-24584\", \"source\": \"disclosures@gallagher.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-24584\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "disclosures@gallagher.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"disclosures@gallagher.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-120\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-120\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-24584\",\"sourceIdentifier\":\"disclosures@gallagher.com\",\"published\":\"2023-06-01T05:15:09.767\",\"lastModified\":\"2024-11-21T07:48:10.787\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"\\nController 6000 is vulnerable to a buffer overflow via the Controller diagnostic web interface upload feature. \\n\\n\\n\\n\\nThis issue affects Controller 6000: before vCR8.80.230201a, before vCR8.70.230201a, before vCR8.60.230201b, before vCR8.50.230201a,\u00a0all versions of vCR8.40 and prior.\\n\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"disclosures@gallagher.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"disclosures@gallagher.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gallagher:controller_6000_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.50.230201a\",\"matchCriteriaId\":\"D2145115-B3C0-450E-B8E4-F9E0CA60E532\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gallagher:controller_6000_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.60\",\"versionEndExcluding\":\"8.60.230201b\",\"matchCriteriaId\":\"1C59CC87-0F34-4B34-A8E9-4A8EC922067F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gallagher:controller_6000_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.70\",\"versionEndExcluding\":\"8.70.230201a\",\"matchCriteriaId\":\"33EB0365-40C7-4750-A013-37B655A24FE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gallagher:controller_6000_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.80\",\"versionEndExcluding\":\"8.80.230201a\",\"matchCriteriaId\":\"3F952C1B-EA21-4179-A8CF-84952EBE2478\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gallagher:controller_6000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5AF2B03B-B033-439F-8CEE-334FA8053278\"}]}]}],\"references\":[{\"url\":\"https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-24584\",\"source\":\"disclosures@gallagher.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-24584\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-24584\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T11:03:18.735Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-24584\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-10T18:46:54.400796Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-10T18:47:03.797Z\"}}], \"cna\": {\"title\": \"Controller 6000 buffer overflow via upload feature in web interface\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Gallagher\", \"product\": \"Controller 6000\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"vCR8.80.230201a\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"vCR8.70.230201a\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"vCR8.60.230201b\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"vCR8.50.230201a\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-24584\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"\\nEnsure dipswitch 1 is turned off on all Controllers and the option, \\\"Dipswitch 1 controls the diagnostic web interface\\\", is not checked in Configuration Client on Controller property pages. Do not use the Controller override, \\\"Enable WWW Connections\\\". Refer to the Gallagher Command Centre Hardening Guide for more details.\\n\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\n\\n\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eEnsure dipswitch 1 is turned off on all Controllers and the option, \\\"Dipswitch 1 controls the diagnostic web interface\\\", is not checked in Configuration Client on Controller property pages. Do not use the Controller override, \\\"Enable WWW Connections\\\". Refer to the Gallagher Command Centre Hardening Guide for more details.\u003c/span\u003e\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"\\nController 6000 is vulnerable to a buffer overflow via the Controller diagnostic web interface upload feature. \\n\\n\\n\\n\\nThis issue affects Controller 6000: before vCR8.80.230201a, before vCR8.70.230201a, before vCR8.60.230201b, before vCR8.50.230201a,\\u00a0all versions of vCR8.40 and prior.\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003e\\n\\n\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eController 6000 is vulnerable to a buffer overflow via the Controller diagnostic web interface upload feature. \u003c/span\u003e\\n\\n\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Controller 6000: before vCR8.80.230201a, before vCR8.70.230201a, before vCR8.60.230201b, before vCR8.50.230201a,\u0026nbsp;\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eall versions of vCR8.40 and prior.\u003c/span\u003e\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-120\", \"description\": \"CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"0c426f27-3ee1-4eff-be88-288d5a1822bc\", \"shortName\": \"Gallagher\", \"dateUpdated\": \"2023-06-01T04:08:35.754Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-24584\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-10T18:47:07.773Z\", \"dateReserved\": \"2023-02-03T20:38:05.230Z\", \"assignerOrgId\": \"0c426f27-3ee1-4eff-be88-288d5a1822bc\", \"datePublished\": \"2023-06-01T04:08:35.754Z\", \"assignerShortName\": \"Gallagher\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…