Vulnerability Description
Improper input validation of a large HTTP request in the Controller 6000 and Controller 7000 optional diagnostic web interface (Port 80) can be used to perform a Denial of Service of the diagnostic web interface. This issue affects: Gallagher Controller 6000 and 7000 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gallagher | Controller 6000 Firmware | <= 8.50 |
| Gallagher | Controller 6000 | - |
| Gallagher | Command Centre | <= 8.50 |
| Gallagher | Controller 7000 | - |
Related Weaknesses (CWE)
References
- https://security.gallagher.com/Security-Advisories/CVE-2023-22439Vendor Advisory
- https://security.gallagher.com/Security-Advisories/CVE-2023-22439Vendor Advisory
FAQ
What is CVE-2023-22439?
CVE-2023-22439 is a vulnerability with a CVSS score of 3.1 (LOW). Improper input validation of a large HTTP request in the Controller 6000 and Controller 7000 optional diagnostic web interface (Port 80) can be used to perform a Denial of Service of the diagnostic w...
How severe is CVE-2023-22439?
CVE-2023-22439 has been rated LOW with a CVSS base score of 3.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-22439?
Check the references section above for vendor advisories and patch information. Affected products include: Gallagher Controller 6000 Firmware, Gallagher Controller 6000, Gallagher Command Centre, Gallagher Controller 7000.