CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43690
https://notcve.org/view.php?id=CVE-2024-43690
Inclusion of Functionality from Untrusted Control Sphere(CWE-829) in the Command Centre Server and Workstations may allow an attacker to perform Remote Code Execution (RCE). This issue affects: Command Centre Server and Command Centre Workstations 9.10 prior to vEL9.10.1530 (MR2), 9.00 prior to vEL9.00.2168 (MR4), 8.90 prior to vEL8.90.2155 (MR5), 8.80 prior to vEL8.80.1938 (MR6), all versions of 8.70 and prior. • https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-43690 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39808
https://notcve.org/view.php?id=CVE-2024-39808
Incorrect Calculation of Buffer Size (CWE-131) in the Controller 6000 and Controller 7000 OSDP message handling, allows an attacker with physical access to Controller wiring to instigate a reboot leading to a denial of service. This issue affects: Controller 6000 and Controller 7000 9.10 prior to vCR9.10.240816a (distributed in 9.10.1530 (MR2)), 9.00 prior to vCR9.00.240816a (distributed in 9.00.2168 (MR4)), 8.90 prior to vCR8.90.240816a (distributed in 8.90.2155 (MR5)), 8.80 prior to vCR8.80.240816b (distributed in 8.80.1938 (MR6)), all versions of 8.70 and prior. • https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-39808 • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24972
https://notcve.org/view.php?id=CVE-2024-24972
Buffer Copy without Checking Size of Input (CWE-120) in the Controller 6000 and Controller 7000 diagnostic web interface allows an authorised and authenticated operator to reboot the Controller, causing a Denial of Service. Gallagher recommend the diagnostic web page is not enabled (default is off) unless advised by Gallagher Technical support. This interface is intended only for diagnostic purposes. This issue affects: Controller 6000 and Controller 7000 9.10 prior to vCR9.10.240816a (distributed in 9.10.1530 (MR2)), 9.00 prior to vCR9.00.240816a (distributed in 9.00.2168 (MR4)), 8.90 prior to vCR8.90.240816a (distributed in 8.90.2155 (MR5)), 8.80 prior to vCR8.80.240816b (distributed in 8.80.1938 (MR6)), all versions of 8.70 and prior. • https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-24972 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23906
https://notcve.org/view.php?id=CVE-2024-23906
Improper Neutralization of Input During Web Page Generation (CWE-79) in the Controller 6000 and Controller 7000 diagnostic webpage allows an attacker to modify Controller configuration during an authenticated Operator's session. This issue affects: Controller 6000 and Controller 7000 9.10 prior to vCR9.10.240816a (distributed in 9.10.1530 (MR2)), 9.00 prior to vCR9.00.240816a (distributed in 9.00.2168 (MR4)), 8.90 prior to vCR8.90.240816a (distributed in 8.90.2155 (MR5)), 8.80 prior to vCR8.80.240816b (distributed in 8.80.1938 (MR6)), all versions of 8.70 and prior. • https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-23906 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23317
https://notcve.org/view.php?id=CVE-2024-23317
External Control of File Name or Path (CWE-73) in the Controller 6000 and Controller 7000 allows an attacker with local access to the Controller to perform arbitrary code execution. This issue affects: 9.10 prior to vCR9.10.240520a (distributed in 9.10.1268(MR1)), 9.00 prior to vCR9.00.240521a (distributed in 9.00.1990(MR3)), 8.90 prior to vCR8.90.240520a (distributed in 8.90.1947 (MR4)), 8.80 prior to vCR8.80.240520a (distributed in 8.80.1726 (MR5)), 8.70 prior to vCR8.70.240520a (distributed in 8.70.2824 (MR7)), all versions of 8.60 and prior. El control externo del nombre o ruta del archivo (CWE-73) en el Controlador 6000 y el Controlador 7000 permite a un atacante con acceso local al Controlador realizar la ejecución de código arbitrario. Este problema afecta a: 9.10 anterior a vCR9.10.240520a (distribuido en 9.10.1268(MR1)), 9.00 anterior a vCR9.00.240521a (distribuido en 9.00.1990(MR3)), 8.90 anterior a vCR8.90.240520a (distribuido en 8.90.1947 (MR4)), 8.80 antes de vCR8.80.240520a (distribuido en 8.80.1726 (MR5)), 8.70 antes de vCR8.70.240520a (distribuido en 8.70.2824 (MR7)), todas las versiones de 8.60 y anteriores . • https://security.gallagher.com/Security-Advisories/CVE-2024-23317 • CWE-73: External Control of File Name or Path •