CVE-2024-23317 (GCVE-0-2024-23317)
Vulnerability from cvelistv5
Published
2024-07-11 02:39
Modified
2024-08-01 22:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-73 - External Control of File Name or Path
Summary
External Control of File Name or Path (CWE-73) in the Controller 6000 and Controller 7000 allows an attacker with local access to the Controller to perform arbitrary code execution.
This issue affects: 9.10 prior to vCR9.10.240520a (distributed in 9.10.1268(MR1)), 9.00 prior to vCR9.00.240521a (distributed in 9.00.1990(MR3)), 8.90 prior to vCR8.90.240520a (distributed in 8.90.1947 (MR4)), 8.80 prior to vCR8.80.240520a (distributed in 8.80.1726 (MR5)), 8.70 prior to vCR8.70.240520a (distributed in 8.70.2824 (MR7)), all versions of 8.60 and prior.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Controller 6000 and Controller 7000 |
Version: 0 < 8.60 Version: 9.10 < Version: 9.00 < Version: 8.90 < Version: 8.80 < Version: 8.70 < |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:gallagher:controller_6000_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "controller_6000_firmware",
"vendor": "gallagher",
"versions": [
{
"lessThanOrEqual": "8.60",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gallagher:controller_6000_firmware:8.70:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "controller_6000_firmware",
"vendor": "gallagher",
"versions": [
{
"lessThan": "8.70.240520a",
"status": "affected",
"version": "8.70",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gallagher:controller_6000_firmware:8.80:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "controller_6000_firmware",
"vendor": "gallagher",
"versions": [
{
"lessThan": "8.80.240520a",
"status": "affected",
"version": "8.80",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gallagher:controller_6000_firmware:8.90:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "controller_6000_firmware",
"vendor": "gallagher",
"versions": [
{
"lessThan": "8.90.240520a",
"status": "affected",
"version": "8.90",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gallagher:controller_6000_firmware:9.00:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "controller_6000_firmware",
"vendor": "gallagher",
"versions": [
{
"lessThan": "9.00.240521a",
"status": "affected",
"version": "9.00",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gallagher:controller_6000_firmware:9.10:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "controller_6000_firmware",
"vendor": "gallagher",
"versions": [
{
"lessThan": "9.10.240520a",
"status": "affected",
"version": "9.10",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gallagher:controller_7000_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "controller_7000_firmware",
"vendor": "gallagher",
"versions": [
{
"lessThanOrEqual": "8.60",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gallagher:controller_7000_firmware:8.70:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "controller_7000_firmware",
"vendor": "gallagher",
"versions": [
{
"lessThan": "8.70.240520a",
"status": "affected",
"version": "8.70",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gallagher:controller_7000_firmware:8.80:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "controller_7000_firmware",
"vendor": "gallagher",
"versions": [
{
"lessThan": "8.80.240520a",
"status": "affected",
"version": "8.80",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gallagher:controller_7000_firmware:8.90:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "controller_7000_firmware",
"vendor": "gallagher",
"versions": [
{
"lessThan": "8.90.240520a",
"status": "affected",
"version": "8.90",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gallagher:controller_7000_firmware:9.00:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "controller_7000_firmware",
"vendor": "gallagher",
"versions": [
{
"lessThan": "9.00.240521a",
"status": "affected",
"version": "9.00",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gallagher:controller_7000_firmware:9.10:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "controller_7000_firmware",
"vendor": "gallagher",
"versions": [
{
"lessThan": "9.10.240520a",
"status": "affected",
"version": "9.10",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23317",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T14:25:33.804644Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T15:48:05.316Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:32.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2024-23317"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Controller 6000 and Controller 7000",
"vendor": "Gallagher",
"versions": [
{
"lessThan": "8.60",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "vCR9.10.240520a",
"status": "affected",
"version": "9.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "vCR9.00.240521a",
"status": "affected",
"version": "9.00",
"versionType": "custom"
},
{
"lessThanOrEqual": "vCR8.90.240520a",
"status": "affected",
"version": "8.90",
"versionType": "custom"
},
{
"lessThanOrEqual": "vCR8.80.240520a",
"status": "affected",
"version": "8.80",
"versionType": "custom"
},
{
"lessThanOrEqual": "vCR8.70.240520a",
"status": "affected",
"version": "8.70",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eExternal Control of File Name or Path (CWE-73) in the Controller 6000 and Controller 7000 allows an attacker with local access to the Controller to perform arbitrary code execution. \u003c/p\u003e\u003cp\u003e\u003cb\u003eThis issue affects:\u003c/b\u003e\u0026nbsp;9.10 prior to vCR9.10.240520a (distributed in 9.10.1268(MR1)), 9.00 prior to vCR9.00.240521a (distributed in 9.00.1990(MR3)), 8.90 prior to vCR8.90.240520a (distributed in 8.90.1947 (MR4)), 8.80 prior to vCR8.80.240520a (distributed in 8.80.1726 (MR5)), 8.70 prior to vCR8.70.240520a (distributed in 8.70.2824 (MR7)), all versions of 8.60 and prior.\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "External Control of File Name or Path (CWE-73) in the Controller 6000 and Controller 7000 allows an attacker with local access to the Controller to perform arbitrary code execution. \n\nThis issue affects:\u00a09.10 prior to vCR9.10.240520a (distributed in 9.10.1268(MR1)), 9.00 prior to vCR9.00.240521a (distributed in 9.00.1990(MR3)), 8.90 prior to vCR8.90.240520a (distributed in 8.90.1947 (MR4)), 8.80 prior to vCR8.80.240520a (distributed in 8.80.1726 (MR5)), 8.70 prior to vCR8.70.240520a (distributed in 8.70.2824 (MR7)), all versions of 8.60 and prior."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73 External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T02:39:28.129Z",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"url": "https://security.gallagher.com/Security-Advisories/CVE-2024-23317"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2024-23317",
"datePublished": "2024-07-11T02:39:28.129Z",
"dateReserved": "2024-02-05T04:16:47.971Z",
"dateUpdated": "2024-08-01T22:59:32.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://security.gallagher.com/Security-Advisories/CVE-2024-23317\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T22:59:32.128Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-23317\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-11T14:25:33.804644Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:o:gallagher:controller_6000_firmware:-:*:*:*:*:*:*:*\"], \"vendor\": \"gallagher\", \"product\": \"controller_6000_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.60\"}], \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:2.3:o:gallagher:controller_6000_firmware:8.70:*:*:*:*:*:*:*\"], \"vendor\": \"gallagher\", \"product\": \"controller_6000_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.70\", \"lessThan\": \"8.70.240520a\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:2.3:o:gallagher:controller_6000_firmware:8.80:*:*:*:*:*:*:*\"], \"vendor\": \"gallagher\", \"product\": \"controller_6000_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.80\", \"lessThan\": \"8.80.240520a\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:2.3:o:gallagher:controller_6000_firmware:8.90:*:*:*:*:*:*:*\"], \"vendor\": \"gallagher\", \"product\": \"controller_6000_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.90\", \"lessThan\": \"8.90.240520a\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:2.3:o:gallagher:controller_6000_firmware:9.00:*:*:*:*:*:*:*\"], \"vendor\": \"gallagher\", \"product\": \"controller_6000_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.00\", \"lessThan\": \"9.00.240521a\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:2.3:o:gallagher:controller_6000_firmware:9.10:*:*:*:*:*:*:*\"], \"vendor\": \"gallagher\", \"product\": \"controller_6000_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.10\", \"lessThan\": \"9.10.240520a\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:2.3:o:gallagher:controller_7000_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"gallagher\", \"product\": \"controller_7000_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.60\"}], \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:2.3:o:gallagher:controller_7000_firmware:8.70:*:*:*:*:*:*:*\"], \"vendor\": \"gallagher\", \"product\": \"controller_7000_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.70\", \"lessThan\": \"8.70.240520a\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:2.3:o:gallagher:controller_7000_firmware:8.80:*:*:*:*:*:*:*\"], \"vendor\": \"gallagher\", \"product\": \"controller_7000_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.80\", \"lessThan\": \"8.80.240520a\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:2.3:o:gallagher:controller_7000_firmware:8.90:*:*:*:*:*:*:*\"], \"vendor\": \"gallagher\", \"product\": \"controller_7000_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.90\", \"lessThan\": \"8.90.240520a\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:2.3:o:gallagher:controller_7000_firmware:9.00:*:*:*:*:*:*:*\"], \"vendor\": \"gallagher\", \"product\": \"controller_7000_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.00\", \"lessThan\": \"9.00.240521a\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:2.3:o:gallagher:controller_7000_firmware:9.10:*:*:*:*:*:*:*\"], \"vendor\": \"gallagher\", \"product\": \"controller_7000_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.10\", \"lessThan\": \"9.10.240520a\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-11T15:13:33.413Z\"}}], \"cna\": {\"source\": {\"discovery\": \"INTERNAL\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.3, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Gallagher\", \"product\": \"Controller 6000 and Controller 7000\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"8.60\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"9.10\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"vCR9.10.240520a\"}, {\"status\": \"affected\", \"version\": \"9.00\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"vCR9.00.240521a\"}, {\"status\": \"affected\", \"version\": \"8.90\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"vCR8.90.240520a\"}, {\"status\": \"affected\", \"version\": \"8.80\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"vCR8.80.240520a\"}, {\"status\": \"affected\", \"version\": \"8.70\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"vCR8.70.240520a\"}], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://security.gallagher.com/Security-Advisories/CVE-2024-23317\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"External Control of File Name or Path (CWE-73) in the Controller 6000 and Controller 7000 allows an attacker with local access to the Controller to perform arbitrary code execution. \\n\\nThis issue affects:\\u00a09.10 prior to vCR9.10.240520a (distributed in 9.10.1268(MR1)), 9.00 prior to vCR9.00.240521a (distributed in 9.00.1990(MR3)), 8.90 prior to vCR8.90.240520a (distributed in 8.90.1947 (MR4)), 8.80 prior to vCR8.80.240520a (distributed in 8.80.1726 (MR5)), 8.70 prior to vCR8.70.240520a (distributed in 8.70.2824 (MR7)), all versions of 8.60 and prior.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\n\\n\u003cp\u003eExternal Control of File Name or Path (CWE-73) in the Controller 6000 and Controller 7000 allows an attacker with local access to the Controller to perform arbitrary code execution. \u003c/p\u003e\u003cp\u003e\u003cb\u003eThis issue affects:\u003c/b\u003e\u0026nbsp;9.10 prior to vCR9.10.240520a (distributed in 9.10.1268(MR1)), 9.00 prior to vCR9.00.240521a (distributed in 9.00.1990(MR3)), 8.90 prior to vCR8.90.240520a (distributed in 8.90.1947 (MR4)), 8.80 prior to vCR8.80.240520a (distributed in 8.80.1726 (MR5)), 8.70 prior to vCR8.70.240520a (distributed in 8.70.2824 (MR7)), all versions of 8.60 and prior.\u003c/p\u003e\\n\\n\u003cp\u003e\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-73\", \"description\": \"CWE-73 External Control of File Name or Path\"}]}], \"providerMetadata\": {\"orgId\": \"0c426f27-3ee1-4eff-be88-288d5a1822bc\", \"shortName\": \"Gallagher\", \"dateUpdated\": \"2024-07-11T02:39:28.129Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-23317\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-01T22:59:32.128Z\", \"dateReserved\": \"2024-02-05T04:16:47.971Z\", \"assignerOrgId\": \"0c426f27-3ee1-4eff-be88-288d5a1822bc\", \"datePublished\": \"2024-07-11T02:39:28.129Z\", \"assignerShortName\": \"Gallagher\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…