CVE-2023-24584

Published: Jun 1, 2023Modified: Jun 17, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Controller 6000 is vulnerable to a buffer overflow via the Controller diagnostic web interface upload feature. This issue affects Controller 6000: before vCR8.80.230201a, before vCR8.70.230201a, before vCR8.60.230201b, before vCR8.50.230201a, all versions of vCR8.40 and prior.

Affected (4)

Products: Gallagher: Controller 6000 Firmware

Gallagher

1 product

Controller 6000 Firmware

Configuration A

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gallagher Controller 6000 Firmware	Before 8.50.230201a
Gallagher Controller 6000 Firmware	From 8.60 to 8.60.230201b
Gallagher Controller 6000 Firmware	From 8.70 to 8.70.230201a
Gallagher Controller 6000 Firmware	From 8.80 to 8.80.230201a

Running on/with	Platform Versions
Gallagher Controller 6000	All versions

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-24584

Source: disclosures@gallagher.com

Vendor Advisory

https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-24584

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.