Description

Buffer Copy without Checking Size of Input (CWE-120) in the Controller 6000 and Controller 7000 diagnostic web interface allows an authorised and authenticated operator to reboot the Controller, causing a Denial of Service. Gallagher recommend the diagnostic web page is not enabled (default is off) unless advised by Gallagher Technical support. This interface is intended only for diagnostic purposes. This issue affects: Controller 6000 and Controller 7000 9.10 prior to vCR9.10.240816a (distributed in 9.10.1530 (MR2)), 9.00 prior to vCR9.00.240816a (distributed in 9.00.2168 (MR4)), 8.90 prior to vCR8.90.240816a (distributed in 8.90.2155 (MR5)), 8.80 prior to vCR8.80.240816b (distributed in 8.80.1938 (MR6)), all versions of 8.70 and prior.

INFO

Published Date :

2024-09-11T04:03:18.609Z

Last Modified :

2024-09-11T13:37:28.096Z

Source :

Gallagher
AFFECTED PRODUCTS

The following products are affected by CVE-2024-24972 vulnerability.

Vendors Products
Gallagher
  • Controller 6000
  • Controller 7000
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-24972.

URL Resource
https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-24972 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact