What is the severity of CVE-2023-6355?

CVE-2023-6355 is considered a significant vulnerability that allows attackers to bypass security mechanisms.

How do I fix CVE-2023-6355?

To mitigate CVE-2023-6355, upgrade the Gallagher Controller 7000 firmware to version 9.00.231204b or 8.90.231204a or later.

Which versions of the Gallagher Controller 7000 are affected by CVE-2023-6355?

CVE-2023-6355 affects Gallagher Controller 7000 firmware versions prior to 9.00.231204b and 8.90.231204a.

What can an attacker gain by exploiting CVE-2023-6355?

An attacker exploiting CVE-2023-6355 can enable local debugging and potentially gain more unauthorized access.

Is CVE-2023-6355 limited to specific hardware?

Yes, CVE-2023-6355 specifically affects the Gallagher Controller 7000 platform.

Vulnerability/
CVE-2023-6355

medium

6.8

CWE

1253 863

EPSS

0.053%

18/12/2023

2/8/2024

CVE-2023-6355

First published: Mon Dec 18 2023(Updated: )

Incorrect selection of fuse values in the Controller 7000 platform allows an attacker to bypass some protection mechanisms to enable local debug. This issue affects: Gallagher Controller 7000 9.00 prior to vCR9.00.231204b (distributed in 9.00.1507 (MR1)), 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)).

Credit: disclosures@gallagher.com

Affected Software	Affected Version	How to fix
All of
Any of
Gallagher Controller 7000 Firmware	>=8.70<8.70.231204a
Gallagher Controller 7000 Firmware	>=8.80<8.80.231204a
Gallagher Controller 7000 Firmware	>=8.90<8.90.231204a
Gallagher Controller 7000 Firmware	>=9.00<9.00.231204b
Gallagher Controller 7000 Firmware

Never miss a vulnerability like this again

Reference Links

https://security.gallagher.com/Security-Advisories/CVE-2023-6355

Frequently Asked Questions

What is the severity of CVE-2023-6355?
CVE-2023-6355 is considered a significant vulnerability that allows attackers to bypass security mechanisms.
How do I fix CVE-2023-6355?
To mitigate CVE-2023-6355, upgrade the Gallagher Controller 7000 firmware to version 9.00.231204b or 8.90.231204a or later.
Which versions of the Gallagher Controller 7000 are affected by CVE-2023-6355?
CVE-2023-6355 affects Gallagher Controller 7000 firmware versions prior to 9.00.231204b and 8.90.231204a.
What can an attacker gain by exploiting CVE-2023-6355?
An attacker exploiting CVE-2023-6355 can enable local debugging and potentially gain more unauthorized access.
Is CVE-2023-6355 limited to specific hardware?
Yes, CVE-2023-6355 specifically affects the Gallagher Controller 7000 platform.

agent/type
agent/first-publish-date
agent/weakness
agent/softwarecombine
agent/severity
agent/references
agent/author
agent/event
agent/description
collector/epss-latest
source/FIRST
agent/epss
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/gallagher
canonical/gallagher controller 7000 firmware
version/gallagher controller 7000 firmware/8.70
version/gallagher controller 7000 firmware/8.80
version/gallagher controller 7000 firmware/8.90
version/gallagher controller 7000 firmware/9.00

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.