Vulnerability Description
Sensitive information uncleared after debug/power state transition in the Controller 6000 could be abused by an attacker with knowledge of the Controller's default diagnostic password and physical access to the Controller to view its configuration through the diagnostic web pages. This issue affects: Gallagher Controller 6000 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), v8.60 or earlier.
CVSS Score
2.4 (LOW)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gallagher | Controller 6000 Firmware | <= 8.60 |
| Gallagher | Controller 6000 | - |
Related Weaknesses (CWE)
References
- https://security.gallagher.com/Security-Advisories/CVE-2023-41967 (Vendor Advisory)
FAQ
What is CVE-2023-41967?
CVE-2023-41967 is a vulnerability with a CVSS score of 2.4 (LOW). Sensitive information uncleared after debug/power state transition in the Controller 6000 could be abused by an attacker with knowledge of the Controller's default diagnostic password and physical ac...
How severe is CVE-2023-41967?
CVE-2023-41967 has been rated LOW with a CVSS base score of 2.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-41967?
Check the references section above for vendor advisories and patch information. Affected products include: Gallagher Controller 6000 Firmware, Gallagher Controller 6000.