Sensitive information uncleared after debug/power state transition in the Controller 6000 could be abused by an attacker with knowledge of the Controller's default diagnostic password and physical access to the Controller to view its configuration through the diagnostic web pages. This issue affects: Gallagher Controller 6000 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), v8.60 or earlier.
Published 2023-12-18 22:15:09
Updated 2024-01-05 17:59:29
View at NVD,   CVE.org

Products affected by CVE-2023-41967

Exploit prediction scoring system (EPSS) score for CVE-2023-41967

0.05%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 24 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-41967

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
2.4
LOW CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
0.9
1.4
Gallagher Group Ltd.
4.6
MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.9
3.6
NIST 2024-01-05

CWE ids for CVE-2023-41967

References for CVE-2023-41967

Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!