Vulnerability Details : CVE-2023-41967
Sensitive information uncleared after debug/power state transition in the Controller 6000 could be abused by an attacker with knowledge of the Controller's default diagnostic password and physical access to the Controller to view its configuration through the diagnostic web pages.
This issue affects: Gallagher Controller 6000 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), v8.60 or earlier.
Products affected by CVE-2023-41967
- cpe:2.3:o:gallagher:controller_6000_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:gallagher:controller_6000_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-41967
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 24 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-41967
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.4
|
LOW | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
0.9
|
1.4
|
Gallagher Group Ltd. | |
4.6
|
MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
0.9
|
3.6
|
NIST | 2024-01-05 |
CWE ids for CVE-2023-41967
-
The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.Assigned by: nvd@nist.gov (Primary)
-
The product performs a power or debug state transition, but it does not clear sensitive information that should no longer be accessible due to changes to information access restrictions.Assigned by: disclosures@gallagher.com (Secondary)
References for CVE-2023-41967
-
https://security.gallagher.com/Security-Advisories/CVE-2023-41967
CVE-2023-41967Vendor Advisory
Jump to