CVE-2024-24972
Description
A Buffer Copy without Checking Size of Input (CWE-120) vulnerability in the Controller 6000 and Controller 7000 diagnostic web interface allows an authorised and authenticated operator to reboot the Controller, causing a Denial of Service. Gallagher recommends that the diagnostic web page not be enabled (it is off by default) unless advised by Gallagher Technical Support. This interface is intended only for diagnostic purposes.
This issue affects Controller 6000 and Controller 7000: 9.10 prior to vCR9.10.240816a (distributed in 9.10.1530 MR2), 9.00 prior to vCR9.00.240816a (distributed in 9.00.2168 MR4), 8.90 prior to vCR8.90.240816a (distributed in 8.90.2155 MR5), 8.80 prior to vCR8.80.240816b (distributed in 8.80.1938 MR6), and all versions of 8.70 and prior.
Affected Vendors & Products
Currently, no data is known.
CWE ID | Description |
---|---|
UNKNOWN |
Meta Information
Date published: 2024-09-11
Date last modified: 2024-09-11
Date generated: 2025-01-15
NVD report: