CVE-2023-6355

Опубликовано: 18 дек. 2023

Источник: nvd

CVSS3: 6.8

EPSS Низкий

Описание

Incorrect selection of fuse values in the Controller 7000 platform allows an attacker to bypass some protection mechanisms to enable local debug.

This issue affects: Gallagher Controller 7000 9.00 prior to vCR9.00.231204b (distributed in 9.00.1507 (MR1)), 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)).

Ссылки

https://security.gallagher.com/Security-Advisories/CVE-2023-6355
Vendor Advisory
https://security.gallagher.com/Security-Advisories/CVE-2023-6355
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:gallagher:controller_7000_firmware:*:*:*:*:*:*:*:*

Версия от 8.70 (включая) до 8.70.231204a (исключая)

cpe:2.3:o:gallagher:controller_7000_firmware:*:*:*:*:*:*:*:*

Версия от 8.80 (включая) до 8.80.231204a (исключая)

cpe:2.3:o:gallagher:controller_7000_firmware:*:*:*:*:*:*:*:*

Версия от 8.90 (включая) до 8.90.231204a (исключая)

cpe:2.3:o:gallagher:controller_7000_firmware:*:*:*:*:*:*:*:*

Версия от 9.00 (включая) до 9.00.231204b (исключая)

cpe:2.3:h:gallagher:controller_7000:-:*:*:*:*:*:*:*

EPSS

Процентиль: 1%

0.00012

Низкий

6.8 Medium

CVSS3

Дефекты

CWE-1253

CWE-863

Связанные уязвимости

GHSA-x8w2-5hj8-c5rf

CVSS3: 6.8

github

около 2 лет назад

Incorrect selection of fuse values in the Controller 7000 platform allows an attacker to bypass some protection mechanisms to enable local debug. This issue affects: Gallagher Controller 7000 9.00 prior to vCR9.00.231204b (distributed in 9.00.1507 (MR1)), 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)).

EPSS

Процентиль: 1%

0.00012

Низкий

6.8 Medium

CVSS3

Дефекты

CWE-1253

CWE-863