Vulnerabilities > Gallagher

DATE CVE VULNERABILITY TITLE RISK
2023-12-18 CVE-2023-22439 Improper Input Validation vulnerability in Gallagher Command Centre and Controller 6000 Firmware
Improper input validation of a large HTTP request in the Controller 6000 and Controller 7000 optional diagnostic web interface (Port 80) can be used to perform a Denial of Service of the diagnostic web interface. This issue affects: Gallagher Controller 6000 and 7000 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior.
network
low complexity
gallagher CWE-20
4.3
2023-12-18 CVE-2023-23570 Unspecified vulnerability in Gallagher Command Centre
Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior.
network
low complexity
gallagher
8.1
2023-12-18 CVE-2023-23576 Unspecified vulnerability in Gallagher Command Centre
Incorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer than intended after a network outage when competencies are used in the access decision.
low complexity
gallagher
4.3
2023-12-18 CVE-2023-23584 Information Exposure Through Discrepancy vulnerability in Gallagher Command Centre
An observable response discrepancy in the Gallagher Command Centre RESTAPI allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable.
network
low complexity
gallagher CWE-203
4.3
2023-12-18 CVE-2023-24590 Use of Externally-Controlled Format String vulnerability in Gallagher Controller 6000 Firmware
A format string issue in the Controller 6000's optional diagnostic web interface can be used to write/read from memory, and in some instances crash the Controller 6000 leading to a Denial of Service. This issue affects: Gallagher Controller 6000 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior.
network
low complexity
gallagher CWE-134
8.8
2023-12-18 CVE-2023-41967 Improper Cross-boundary Removal of Sensitive Data vulnerability in Gallagher Controller 6000 Firmware
Sensitive information uncleared after debug/power state transition in the Controller 6000 could be abused by an attacker with knowledge of the Controller's default diagnostic password and physical access to the Controller to view its configuration through the diagnostic web pages.
low complexity
gallagher CWE-212
4.6
2023-12-18 CVE-2023-46686 Unspecified vulnerability in Gallagher Command Centre 9.00/9.00.1507
A reliance on untrusted inputs in a security decision could be exploited by a privileged user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols.
network
low complexity
gallagher
7.1
2023-12-18 CVE-2023-6355 Incorrect Authorization vulnerability in Gallagher Controller 7000 Firmware
Incorrect selection of fuse values in the Controller 7000 platform allows an attacker to bypass some protection mechanisms to enable local debug.
low complexity
gallagher CWE-863
6.8
2023-07-25 CVE-2023-23568 Unspecified vulnerability in Gallagher Command Centre
Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields. This issue affects Command Centre: vEL 8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior
network
low complexity
gallagher
5.4
2023-07-25 CVE-2023-22363 Out-of-bounds Write vulnerability in Gallagher Command Centre 8.80
A stack-based buffer overflow in the Command Centre Server allows an attacker to cause a denial of service attack via assigning cardholders to an Access Group. This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2)
network
low complexity
gallagher CWE-787
7.5