CVE-2023-6355
18.12.2023, 22:15
Incorrect selection of fuse values in the Controller 7000 platform allows an attacker to bypass some protection mechanisms to enable local debug. This issue affects: Gallagher Controller 7000 9.00 prior to vCR9.00.231204b (distributed in 9.00.1507 (MR1)), 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)),8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)).Enginsight
| Vendor | Product | Version |
|---|---|---|
| gallagher | controller_7000_firmware | 8.70 ≤ 𝑥 < 8.70.231204a |
| gallagher | controller_7000_firmware | 8.80 ≤ 𝑥 < 8.80.231204a |
| gallagher | controller_7000_firmware | 8.90 ≤ 𝑥 < 8.90.231204a |
| gallagher | controller_7000_firmware | 9.00 ≤ 𝑥 < 9.00.231204b |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-1253 - Incorrect Selection of Fuse ValuesThe logic level used to set a system to a secure state relies on a fuse being unblown. An attacker can set the system to an insecure state merely by blowing the fuse.
- CWE-863 - Incorrect AuthorizationThe software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.