CVE-2023-22439
https://notcve.org/view.php?id=CVE-2023-22439
Improper input validation of a large HTTP request in the Controller 6000 and Controller 7000 optional diagnostic web interface (Port 80) can be used to perform a Denial of Service of the diagnostic web interface. This issue affects: Gallagher Controller 6000 and 7000 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior. Se puede utilizar una validación de entrada incorrecta de una solicitud HTTP grande en la interfaz web de diagnóstico opcional de Controller 6000 y Controller 7000 (puerto 80) para realizar una denegación de servicio de la interfaz web de diagnóstico. Este problema afecta a: Gallagher Controller 6000 y 7000 8.90 antes de vCR8.90.231204a (distribuido en 8.90.1620 (MR2)), 8.80 antes de vCR8.80.231204a (distribuido en 8.80.1369 (MR3)), 8.70 antes de vCR8. 70.231204a (distribuido en 8.70.2375 (MR5)), 8.60 antes de vCR8.60.231116a (distribuido en 8.60.2550 (MR7)), todas las versiones de 8.50 y anteriores. • https://security.gallagher.com/Security-Advisories/CVE-2023-22439 • CWE-20: Improper Input Validation •
CVE-2023-24584 – Controller 6000 buffer overflow via upload feature in web interface
https://notcve.org/view.php?id=CVE-2023-24584
Controller 6000 is vulnerable to a buffer overflow via the Controller diagnostic web interface upload feature. This issue affects Controller 6000: before vCR8.80.230201a, before vCR8.70.230201a, before vCR8.60.230201b, before vCR8.50.230201a, all versions of vCR8.40 and prior. • https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-24584 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •