CVE-2024-23317 (GCVE-0-2024-23317)
Vulnerability from cvelistv5 – Published: 2024-07-11 02:39 – Updated: 2024-08-01 22:59
VLAI?
Summary
External Control of File Name or Path (CWE-73) in the Controller 6000 and Controller 7000 allows an attacker with local access to the Controller to perform arbitrary code execution.
This issue affects: 9.10 prior to vCR9.10.240520a (distributed in 9.10.1268(MR1)), 9.00 prior to vCR9.00.240521a (distributed in 9.00.1990(MR3)), 8.90 prior to vCR8.90.240520a (distributed in 8.90.1947 (MR4)), 8.80 prior to vCR8.80.240520a (distributed in 8.80.1726 (MR5)), 8.70 prior to vCR8.70.240520a (distributed in 8.70.2824 (MR7)), all versions of 8.60 and prior.
Severity ?
6.3 (Medium)
CWE
- CWE-73 - External Control of File Name or Path
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Controller 6000 and Controller 7000 |
Affected:
0 , < 8.60
(custom)
Affected: 9.10 , ≤ vCR9.10.240520a (custom) Affected: 9.00 , ≤ vCR9.00.240521a (custom) Affected: 8.90 , ≤ vCR8.90.240520a (custom) Affected: 8.80 , ≤ vCR8.80.240520a (custom) Affected: 8.70 , ≤ vCR8.70.240520a (custom) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:gallagher:controller_6000_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "controller_6000_firmware",
"vendor": "gallagher",
"versions": [
{
"lessThanOrEqual": "8.60",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gallagher:controller_6000_firmware:8.70:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "controller_6000_firmware",
"vendor": "gallagher",
"versions": [
{
"lessThan": "8.70.240520a",
"status": "affected",
"version": "8.70",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gallagher:controller_6000_firmware:8.80:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "controller_6000_firmware",
"vendor": "gallagher",
"versions": [
{
"lessThan": "8.80.240520a",
"status": "affected",
"version": "8.80",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gallagher:controller_6000_firmware:8.90:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "controller_6000_firmware",
"vendor": "gallagher",
"versions": [
{
"lessThan": "8.90.240520a",
"status": "affected",
"version": "8.90",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gallagher:controller_6000_firmware:9.00:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "controller_6000_firmware",
"vendor": "gallagher",
"versions": [
{
"lessThan": "9.00.240521a",
"status": "affected",
"version": "9.00",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gallagher:controller_6000_firmware:9.10:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "controller_6000_firmware",
"vendor": "gallagher",
"versions": [
{
"lessThan": "9.10.240520a",
"status": "affected",
"version": "9.10",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gallagher:controller_7000_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "controller_7000_firmware",
"vendor": "gallagher",
"versions": [
{
"lessThanOrEqual": "8.60",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gallagher:controller_7000_firmware:8.70:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "controller_7000_firmware",
"vendor": "gallagher",
"versions": [
{
"lessThan": "8.70.240520a",
"status": "affected",
"version": "8.70",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gallagher:controller_7000_firmware:8.80:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "controller_7000_firmware",
"vendor": "gallagher",
"versions": [
{
"lessThan": "8.80.240520a",
"status": "affected",
"version": "8.80",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gallagher:controller_7000_firmware:8.90:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "controller_7000_firmware",
"vendor": "gallagher",
"versions": [
{
"lessThan": "8.90.240520a",
"status": "affected",
"version": "8.90",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gallagher:controller_7000_firmware:9.00:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "controller_7000_firmware",
"vendor": "gallagher",
"versions": [
{
"lessThan": "9.00.240521a",
"status": "affected",
"version": "9.00",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gallagher:controller_7000_firmware:9.10:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "controller_7000_firmware",
"vendor": "gallagher",
"versions": [
{
"lessThan": "9.10.240520a",
"status": "affected",
"version": "9.10",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23317",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T14:25:33.804644Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T15:48:05.316Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:32.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2024-23317"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Controller 6000 and Controller 7000",
"vendor": "Gallagher",
"versions": [
{
"lessThan": "8.60",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "vCR9.10.240520a",
"status": "affected",
"version": "9.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "vCR9.00.240521a",
"status": "affected",
"version": "9.00",
"versionType": "custom"
},
{
"lessThanOrEqual": "vCR8.90.240520a",
"status": "affected",
"version": "8.90",
"versionType": "custom"
},
{
"lessThanOrEqual": "vCR8.80.240520a",
"status": "affected",
"version": "8.80",
"versionType": "custom"
},
{
"lessThanOrEqual": "vCR8.70.240520a",
"status": "affected",
"version": "8.70",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eExternal Control of File Name or Path (CWE-73) in the Controller 6000 and Controller 7000 allows an attacker with local access to the Controller to perform arbitrary code execution. \u003c/p\u003e\u003cp\u003e\u003cb\u003eThis issue affects:\u003c/b\u003e\u0026nbsp;9.10 prior to vCR9.10.240520a (distributed in 9.10.1268(MR1)), 9.00 prior to vCR9.00.240521a (distributed in 9.00.1990(MR3)), 8.90 prior to vCR8.90.240520a (distributed in 8.90.1947 (MR4)), 8.80 prior to vCR8.80.240520a (distributed in 8.80.1726 (MR5)), 8.70 prior to vCR8.70.240520a (distributed in 8.70.2824 (MR7)), all versions of 8.60 and prior.\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "External Control of File Name or Path (CWE-73) in the Controller 6000 and Controller 7000 allows an attacker with local access to the Controller to perform arbitrary code execution. \n\nThis issue affects:\u00a09.10 prior to vCR9.10.240520a (distributed in 9.10.1268(MR1)), 9.00 prior to vCR9.00.240521a (distributed in 9.00.1990(MR3)), 8.90 prior to vCR8.90.240520a (distributed in 8.90.1947 (MR4)), 8.80 prior to vCR8.80.240520a (distributed in 8.80.1726 (MR5)), 8.70 prior to vCR8.70.240520a (distributed in 8.70.2824 (MR7)), all versions of 8.60 and prior."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73 External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T02:39:28.129Z",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"url": "https://security.gallagher.com/Security-Advisories/CVE-2024-23317"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2024-23317",
"datePublished": "2024-07-11T02:39:28.129Z",
"dateReserved": "2024-02-05T04:16:47.971Z",
"dateUpdated": "2024-08-01T22:59:32.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"External Control of File Name or Path (CWE-73) in the Controller 6000 and Controller 7000 allows an attacker with local access to the Controller to perform arbitrary code execution. \\n\\nThis issue affects:\\u00a09.10 prior to vCR9.10.240520a (distributed in 9.10.1268(MR1)), 9.00 prior to vCR9.00.240521a (distributed in 9.00.1990(MR3)), 8.90 prior to vCR8.90.240520a (distributed in 8.90.1947 (MR4)), 8.80 prior to vCR8.80.240520a (distributed in 8.80.1726 (MR5)), 8.70 prior to vCR8.70.240520a (distributed in 8.70.2824 (MR7)), all versions of 8.60 and prior.\"}, {\"lang\": \"es\", \"value\": \"El control externo del nombre o ruta del archivo (CWE-73) en el Controlador 6000 y el Controlador 7000 permite a un atacante con acceso local al Controlador realizar la ejecuci\\u00f3n de c\\u00f3digo arbitrario. Este problema afecta a: 9.10 anterior a vCR9.10.240520a (distribuido en 9.10.1268(MR1)), 9.00 anterior a vCR9.00.240521a (distribuido en 9.00.1990(MR3)), 8.90 anterior a vCR8.90.240520a (distribuido en 8.90.1947 (MR4)), 8.80 antes de vCR8.80.240520a (distribuido en 8.80.1726 (MR5)), 8.70 antes de vCR8.70.240520a (distribuido en 8.70.2824 (MR7)), todas las versiones de 8.60 y anteriores .\"}]",
"id": "CVE-2024-23317",
"lastModified": "2024-11-21T08:57:29.543",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"disclosures@gallagher.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L\", \"baseScore\": 6.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 0.8, \"impactScore\": 5.5}]}",
"published": "2024-07-11T03:15:03.130",
"references": "[{\"url\": \"https://security.gallagher.com/Security-Advisories/CVE-2024-23317\", \"source\": \"disclosures@gallagher.com\"}, {\"url\": \"https://security.gallagher.com/Security-Advisories/CVE-2024-23317\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "disclosures@gallagher.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"disclosures@gallagher.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-73\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-23317\",\"sourceIdentifier\":\"disclosures@gallagher.com\",\"published\":\"2024-07-11T03:15:03.130\",\"lastModified\":\"2024-11-21T08:57:29.543\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"External Control of File Name or Path (CWE-73) in the Controller 6000 and Controller 7000 allows an attacker with local access to the Controller to perform arbitrary code execution. \\n\\nThis issue affects:\u00a09.10 prior to vCR9.10.240520a (distributed in 9.10.1268(MR1)), 9.00 prior to vCR9.00.240521a (distributed in 9.00.1990(MR3)), 8.90 prior to vCR8.90.240520a (distributed in 8.90.1947 (MR4)), 8.80 prior to vCR8.80.240520a (distributed in 8.80.1726 (MR5)), 8.70 prior to vCR8.70.240520a (distributed in 8.70.2824 (MR7)), all versions of 8.60 and prior.\"},{\"lang\":\"es\",\"value\":\"El control externo del nombre o ruta del archivo (CWE-73) en el Controlador 6000 y el Controlador 7000 permite a un atacante con acceso local al Controlador realizar la ejecuci\u00f3n de c\u00f3digo arbitrario. Este problema afecta a: 9.10 anterior a vCR9.10.240520a (distribuido en 9.10.1268(MR1)), 9.00 anterior a vCR9.00.240521a (distribuido en 9.00.1990(MR3)), 8.90 anterior a vCR8.90.240520a (distribuido en 8.90.1947 (MR4)), 8.80 antes de vCR8.80.240520a (distribuido en 8.80.1726 (MR5)), 8.70 antes de vCR8.70.240520a (distribuido en 8.70.2824 (MR7)), todas las versiones de 8.60 y anteriores .\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"disclosures@gallagher.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":0.8,\"impactScore\":5.5}]},\"weaknesses\":[{\"source\":\"disclosures@gallagher.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-73\"}]}],\"references\":[{\"url\":\"https://security.gallagher.com/Security-Advisories/CVE-2024-23317\",\"source\":\"disclosures@gallagher.com\"},{\"url\":\"https://security.gallagher.com/Security-Advisories/CVE-2024-23317\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://security.gallagher.com/Security-Advisories/CVE-2024-23317\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T22:59:32.128Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-23317\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-11T14:25:33.804644Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:o:gallagher:controller_6000_firmware:-:*:*:*:*:*:*:*\"], \"vendor\": \"gallagher\", \"product\": \"controller_6000_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.60\"}], \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:2.3:o:gallagher:controller_6000_firmware:8.70:*:*:*:*:*:*:*\"], \"vendor\": \"gallagher\", \"product\": \"controller_6000_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.70\", \"lessThan\": \"8.70.240520a\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:2.3:o:gallagher:controller_6000_firmware:8.80:*:*:*:*:*:*:*\"], \"vendor\": \"gallagher\", \"product\": \"controller_6000_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.80\", \"lessThan\": \"8.80.240520a\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:2.3:o:gallagher:controller_6000_firmware:8.90:*:*:*:*:*:*:*\"], \"vendor\": \"gallagher\", \"product\": \"controller_6000_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.90\", \"lessThan\": \"8.90.240520a\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:2.3:o:gallagher:controller_6000_firmware:9.00:*:*:*:*:*:*:*\"], \"vendor\": \"gallagher\", \"product\": \"controller_6000_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.00\", \"lessThan\": \"9.00.240521a\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:2.3:o:gallagher:controller_6000_firmware:9.10:*:*:*:*:*:*:*\"], \"vendor\": \"gallagher\", \"product\": \"controller_6000_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.10\", \"lessThan\": \"9.10.240520a\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:2.3:o:gallagher:controller_7000_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"gallagher\", \"product\": \"controller_7000_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.60\"}], \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:2.3:o:gallagher:controller_7000_firmware:8.70:*:*:*:*:*:*:*\"], \"vendor\": \"gallagher\", \"product\": \"controller_7000_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.70\", \"lessThan\": \"8.70.240520a\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:2.3:o:gallagher:controller_7000_firmware:8.80:*:*:*:*:*:*:*\"], \"vendor\": \"gallagher\", \"product\": \"controller_7000_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.80\", \"lessThan\": \"8.80.240520a\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:2.3:o:gallagher:controller_7000_firmware:8.90:*:*:*:*:*:*:*\"], \"vendor\": \"gallagher\", \"product\": \"controller_7000_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.90\", \"lessThan\": \"8.90.240520a\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:2.3:o:gallagher:controller_7000_firmware:9.00:*:*:*:*:*:*:*\"], \"vendor\": \"gallagher\", \"product\": \"controller_7000_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.00\", \"lessThan\": \"9.00.240521a\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:2.3:o:gallagher:controller_7000_firmware:9.10:*:*:*:*:*:*:*\"], \"vendor\": \"gallagher\", \"product\": \"controller_7000_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.10\", \"lessThan\": \"9.10.240520a\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-11T15:13:33.413Z\"}}], \"cna\": {\"source\": {\"discovery\": \"INTERNAL\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.3, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Gallagher\", \"product\": \"Controller 6000 and Controller 7000\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"8.60\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"9.10\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"vCR9.10.240520a\"}, {\"status\": \"affected\", \"version\": \"9.00\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"vCR9.00.240521a\"}, {\"status\": \"affected\", \"version\": \"8.90\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"vCR8.90.240520a\"}, {\"status\": \"affected\", \"version\": \"8.80\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"vCR8.80.240520a\"}, {\"status\": \"affected\", \"version\": \"8.70\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"vCR8.70.240520a\"}], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://security.gallagher.com/Security-Advisories/CVE-2024-23317\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"External Control of File Name or Path (CWE-73) in the Controller 6000 and Controller 7000 allows an attacker with local access to the Controller to perform arbitrary code execution. \\n\\nThis issue affects:\\u00a09.10 prior to vCR9.10.240520a (distributed in 9.10.1268(MR1)), 9.00 prior to vCR9.00.240521a (distributed in 9.00.1990(MR3)), 8.90 prior to vCR8.90.240520a (distributed in 8.90.1947 (MR4)), 8.80 prior to vCR8.80.240520a (distributed in 8.80.1726 (MR5)), 8.70 prior to vCR8.70.240520a (distributed in 8.70.2824 (MR7)), all versions of 8.60 and prior.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\n\\n\u003cp\u003eExternal Control of File Name or Path (CWE-73) in the Controller 6000 and Controller 7000 allows an attacker with local access to the Controller to perform arbitrary code execution. \u003c/p\u003e\u003cp\u003e\u003cb\u003eThis issue affects:\u003c/b\u003e\u0026nbsp;9.10 prior to vCR9.10.240520a (distributed in 9.10.1268(MR1)), 9.00 prior to vCR9.00.240521a (distributed in 9.00.1990(MR3)), 8.90 prior to vCR8.90.240520a (distributed in 8.90.1947 (MR4)), 8.80 prior to vCR8.80.240520a (distributed in 8.80.1726 (MR5)), 8.70 prior to vCR8.70.240520a (distributed in 8.70.2824 (MR7)), all versions of 8.60 and prior.\u003c/p\u003e\\n\\n\u003cp\u003e\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-73\", \"description\": \"CWE-73 External Control of File Name or Path\"}]}], \"providerMetadata\": {\"orgId\": \"0c426f27-3ee1-4eff-be88-288d5a1822bc\", \"shortName\": \"Gallagher\", \"dateUpdated\": \"2024-07-11T02:39:28.129Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-23317\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-01T22:59:32.128Z\", \"dateReserved\": \"2024-02-05T04:16:47.971Z\", \"assignerOrgId\": \"0c426f27-3ee1-4eff-be88-288d5a1822bc\", \"datePublished\": \"2024-07-11T02:39:28.129Z\", \"assignerShortName\": \"Gallagher\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…