First published: Thu Jul 11 2024
Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation (CWE-1304) in the Controller 6000 and 7000 can cause secured door locks connected via Aperio Communication Hubs to momentarily allow free access. This issue affects Gallagher Controller 6000 and 7000: 9.10 prior to vCR9.10.240520a (distributed in 9.10.1268 (MR1)), 9.00 prior to vCR9.00.240521a (distributed in 9.00.1990 (MR3)), 8.90 prior to vCR8.90.240520a (distributed in 8.90.1947 (MR4)), 8.80 prior to vCR8.80.240520a (distributed in 8.80.1726 (MR5)), 8.70 prior to vCR8.70.240520a (distributed in 8.70.2824 (MR7)), and all versions of 8.60 and prior.
Credit: disclosures@gallagher.com
Affected Software | Affected Version | How to fix |
---|---|---|
Gallagher Controller 6000 Firmware | <vCR9.10.240520a | |
Gallagher Controller 7000 Firmware | <vCR9.10.240520a | |
Gallagher Controller 6000 Firmware | <vCR9.00.240521a | |
Gallagher Controller 7000 Firmware | <vCR9.00.240521a | |
Gallagher Controller 6000 Firmware | <vCR8.90.240520a | |
Gallagher Controller 7000 Firmware | <vCR8.90.240520a | |
Gallagher Controller 6000 Firmware | <vCR8.80.240520a | |
Gallagher Controller 7000 Firmware | <vCR8.80.240520a | |
Gallagher Controller 6000 Firmware | <vCR8.70.240520a | |
Gallagher Controller 7000 Firmware | <vCR8.70.240520a | |
Gallagher Controller 6000 Firmware | <8.60 | |
Gallagher Controller 7000 Firmware | <8.60 | |
The severity of CVE-2024-23485 is considered to be high due to its potential to compromise physical access control.
To fix CVE-2024-23485, update the Gallagher Controller 6000 or 7000 to the latest version as recommended by the vendor.
CVE-2024-23485 affects Gallagher Controller 6000 and 7000 versions prior to vCR9.10.240520a.
CVE-2024-23485 could allow unauthorized access to secured premises because the hardware configuration is not properly managed during power save/restore operations.
CVE-2024-23485 impacts Gallagher's Controller 6000 and Controller 7000.