Vulnerability Details : CVE-2023-6355
Incorrect selection of fuse values in the Controller 7000 platform allows an attacker to bypass some protection mechanisms to enable local debug.
This issue affects: Gallagher Controller 7000 9.00 prior to vCR9.00.231204b (distributed in 9.00.1507 (MR1)), 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)).
Products affected by CVE-2023-6355
- cpe:2.3:o:gallagher:controller_7000_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:gallagher:controller_7000_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:gallagher:controller_7000_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:gallagher:controller_7000_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-6355
0.08%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 21 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-6355
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.8
|
MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
0.9
|
5.9
|
Gallagher Group Ltd. | |
|
6.8
|
MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
0.9
|
5.9
|
NIST | 2024-01-02 |
CWE ids for CVE-2023-6355
-
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.Assigned by: nvd@nist.gov (Primary)
-
The logic level used to set a system to a secure state relies on a fuse being unblown. An attacker can set the system to an insecure state merely by blowing the fuse.Assigned by: disclosures@gallagher.com (Secondary)
References for CVE-2023-6355
-
https://security.gallagher.com/Security-Advisories/CVE-2023-6355
CVE-2023-6355Vendor Advisory
Jump to