CVE-2023-22439: Input Validation
First published: Mon Dec 18 2023(Updated: )
Improper input validation of a large HTTP request in the Controller 6000 and Controller 7000 optional diagnostic web interface (Port 80) can be used to perform a Denial of Service of the diagnostic web interface. This issue affects: Gallagher Controller 6000 and 7000 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior.
Credit: disclosures@gallagher.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Any of | ||
| Gallagher Controller 6000 Firmware | <=8.50 | |
| Gallagher Controller 6000 Firmware | >=8.60<8.60.231116a | |
| Gallagher Controller 6000 Firmware | >=8.70<8.70.231204a | |
| Gallagher Controller 6000 Firmware | >=8.80<8.80.231204a | |
| Gallagher Controller 6000 Firmware | >=8.90<8.90.231204a | |
| Gallagher Controller 6000 Firmware | ||
| All of | ||
| Any of | ||
| Gallagher Command Centre | <=8.50 | |
| Gallagher Command Centre | >=8.60<8.60.231116a | |
| Gallagher Command Centre | >=8.70<8.70.231204a | |
| Gallagher Command Centre | >=8.80<8.80.231204a | |
| Gallagher Command Centre | >=8.90<8.90.231204a | |
| Any of | ||
| Gallagher Controller 6000 Firmware | ||
| Gallagher Controller 7000 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-22439?
CVE-2023-22439 has a severity associated with it that can lead to a Denial of Service in the diagnostic web interface.
Which devices are affected by CVE-2023-22439?
CVE-2023-22439 affects Gallagher Controller 6000 and Controller 7000 running firmware versions prior to vCR8.90.231204a.
How do I fix CVE-2023-22439?
To fix CVE-2023-22439, update your Gallagher Controller 6000 or 7000 firmware to version vCR8.90.231204a or later.
What kind of attack can be executed using CVE-2023-22439?
CVE-2023-22439 can be exploited to perform a Denial of Service attack on the diagnostic web interface.
Is there a workaround for CVE-2023-22439 if I cannot update immediately?
There are currently no documented workarounds for CVE-2023-22439, so it is recommended to update the firmware as soon as possible.
- agent/event
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/gallagher
- canonical/gallagher controller 6000 firmware
- version/gallagher controller 6000 firmware/8.50
- version/gallagher controller 6000 firmware/8.60
- version/gallagher controller 6000 firmware/8.70
- version/gallagher controller 6000 firmware/8.80
- version/gallagher controller 6000 firmware/8.90
- canonical/gallagher command centre
- version/gallagher command centre/8.50
- version/gallagher command centre/8.60
- version/gallagher command centre/8.70
- version/gallagher command centre/8.80
- version/gallagher command centre/8.90
- canonical/gallagher controller 7000 firmware