Back

CVE-2024-23485

July 11, 2024, 1:05 p.m.

Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Gallagher Controller 6000

  • 9.10 prior to vCR9.10.240520a (distributed in 9.10.1268(MR1))
  • 9.00 prior to vCR9.00.240521a (distributed in 9.00.1990(MR3))
  • 8.90 prior to vCR8.90.240520a (distributed in 8.90.1947 (MR4))
  • 8.80 prior to vCR8.80.240520a (distributed in 8.80.1726 (MR5))
  • 8.70 prior to vCR8.70.240520a (distributed in 8.70.2824 (MR7))
  • all versions of 8.60 and prior

Gallagher Controller 7000

  • 9.10 prior to vCR9.10.240520a (distributed in 9.10.1268(MR1))
  • 9.00 prior to vCR9.00.240521a (distributed in 9.00.1990(MR3))
  • 8.90 prior to vCR8.90.240520a (distributed in 8.90.1947 (MR4))
  • 8.80 prior to vCR8.80.240520a (distributed in 8.80.1726 (MR5))
  • 8.70 prior to vCR8.70.240520a (distributed in 8.70.2824 (MR7))
  • all versions of 8.60 and prior

Source

disclosures@gallagher.com

Tags

2024-07-11
disclosures@gallagher.com
CVE-2024-23485
CWE-1304

CVE-2024-23485 details

Published : July 11, 2024, 3:15 a.m.
Last Modified : July 11, 2024, 1:05 p.m.

Description

Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation (CWE-1304) in the Controller 6000 and 7000 can lead to secured door locks connected via Aperio Communication Hubs to momentarily allow free access.  This issue affects: Gallagher Controller 6000 and 7000 9.10 prior to vCR9.10.240520a (distributed in 9.10.1268(MR1)), 9.00 prior to vCR9.00.240521a (distributed in 9.00.1990(MR3)),  8.90 prior to vCR8.90.240520a (distributed in 8.90.1947 (MR4)), 8.80 prior to vCR8.80.240520a (distributed in 8.80.1726 (MR5)), 8.70 prior to vCR8.70.240520a (distributed in 8.70.2824 (MR7)), all versions of 8.60 and prior.

CVSS Score

1 2 3 4.6 5 6 7 8 9 10

Weakness

Weakness Name Description
CWE-1304 Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation The product performs a power save/restore operation, but it does not ensure that the integrity of the configuration state is maintained and/or verified between the beginning and ending of the operation.

CVSS Data

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

4.6

Exploitability Score

0.9

Impact Score

3.6

Base Severity

MEDIUM

Vector String : CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References

URL Source
https://security.gallagher.com/Security-Advisories/CVE-2024-23485 disclosures@gallagher.com
This website uses the NVD API, but is not approved or certified by it.