CVE-2023-41967 - OpenCVE

Sensitive information uncleared after debug/power state transition in the Controller 6000 could be abused by an attacker with knowledge of the Controller's default diagnostic password and physical access to the Controller to view its configuration through the diagnostic web pages. This issue affects: Gallagher Controller 6000 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), v8.60 or earlier.

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Gallagher	Controller 6000 Firmware Controller 6000

Configuration 1 [-]

AND

OR	cpe:2.3:o:gallagher:controller_6000_firmware::::::::
	cpe:2.3:o:gallagher:controller_6000_firmware::::::::

cpe:2.3:h:gallagher:controller_6000:-:*:*:*:*:*:*:*

References

Link	Resource
https://security.gallagher.com/Security-Advisories/CVE-2023-41967	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Gallagher

Published: 2023-12-18T22:00:38.751Z

Updated: 2023-12-18T22:00:38.751Z

Reserved: 2023-11-01T22:24:52.305Z

Link: CVE-2023-41967

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-12-18T22:15:08.770

Modified: 2024-01-05T17:59:28.783

Link: CVE-2023-41967

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-41967", "assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "state": "PUBLISHED", "assignerShortName": "Gallagher", "dateReserved": "2023-11-01T22:24:52.305Z", "datePublished": "2023-12-18T22:00:38.751Z", "dateUpdated": "2023-12-18T22:00:38.751Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Controller 6000", "vendor": "Gallagher", "versions": [{"lessThanOrEqual": "8.60", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThan": "vCR8.70.231204a", "status": "affected", "version": "8.70", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Sensitive information uncleared after debug/power state transition in the Controller 6000 could be abused by an attacker with knowledge of the Controller's default diagnostic password and physical access to the Controller to view its configuration through the diagnostic web pages. <br><br>This issue affects: Gallagher Controller 6000 </span><span style=\"background-color: rgb(255, 255, 255);\">8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), </span><span style=\"background-color: rgb(255, 255, 255);\">v8.60 or earlier.</span>\n\n<br>"}], "value": "\nSensitive information uncleared after debug/power state transition in the Controller 6000 could be abused by an attacker with knowledge of the Controller's default diagnostic password and physical access to the Controller to view its configuration through the diagnostic web pages. \n\nThis issue affects: Gallagher Controller 6000 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), v8.60 or earlier.\n\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 2.4, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1272", "description": "CWE-1272: Sensitive Information Uncleared Before Debug/Power State Transition", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "shortName": "Gallagher", "dateUpdated": "2023-12-18T22:00:38.751Z"}, "references": [{"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-41967"}], "source": {"discovery": "INTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gallagher:controller_6000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E5B756DF-6D8A-4B89-9DAB-3EBD00C75E3A", "versionEndIncluding": "8.60", "vulnerable": true}, {"criteria": "cpe:2.3:o:gallagher:controller_6000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "30EEB0FF-D2F2-47DA-9666-6532730B195F", "versionEndExcluding": "8.70.231204a", "versionStartIncluding": "8.70", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gallagher:controller_6000:-:*:*:*:*:*:*:*", "matchCriteriaId": "5AF2B03B-B033-439F-8CEE-334FA8053278", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "\nSensitive information uncleared after debug/power state transition in the Controller 6000 could be abused by an attacker with knowledge of the Controller's default diagnostic password and physical access to the Controller to view its configuration through the diagnostic web pages. \n\nThis issue affects: Gallagher Controller 6000 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), v8.60 or earlier.\n\n\n"}, {"lang": "es", "value": "Un atacante con conocimiento de la contrase\u00f1a de diagn\u00f3stico predeterminada de Controller 6000 y acceso f\u00edsico al Controlador para ver su configuraci\u00f3n a trav\u00e9s de las p\u00e1ginas web de diagn\u00f3stico podr\u00eda abusar de la informaci\u00f3n confidencial no borrada despu\u00e9s de la transici\u00f3n del estado de depuraci\u00f3n/encendido en el Controlador. Este problema afecta a: Gallagher Controller 6000 8.70 anterior a vCR8.70.231204a (distribuido en 8.70.2375 (MR5)), v8.60 o anterior."}], "id": "CVE-2023-41967", "lastModified": "2024-01-05T17:59:28.783", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 2.4, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 1.4, "source": "disclosures@gallagher.com", "type": "Secondary"}]}, "published": "2023-12-18T22:15:08.770", "references": [{"source": "disclosures@gallagher.com", "tags": ["Vendor Advisory"], "url": "https://security.gallagher.com/Security-Advisories/CVE-2023-41967"}], "sourceIdentifier": "disclosures@gallagher.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-212"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-1272"}], "source": "disclosures@gallagher.com", "type": "Secondary"}]}