CVE-2024-39808— Controller 6000和Controller 7000 安全漏洞

N/A

Incorrect Calculation of Buffer Size (CWE-131) in the Controller 6000 and Controller 7000 OSDP message handling, allows an attacker with physical access to Controller wiring to instigate a reboot leading to a denial of service. This issue affects: Controller 6000 and Controller 7000 9.10 prior to vCR9.10.240816a (distributed in 9.10.1530 (MR2)), 9.00 prior to vCR9.00.240816a (distributed in 9.00.2168 (MR4)), 8.90 prior to vCR8.90.240816a (distributed in 8.90.2155 (MR5)), 8.80 prior to vCR8.80.240816b (distributed in 8.80.1938 (MR6)), all versions of 8.70 and prior.

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

缓冲区大小计算不正确

Controller 6000和Controller 7000 安全漏洞

Gallagher Controller 6000和Gallagher Controller 7000都是新西兰Gallagher公司的产品。Gallagher Controller 6000是一个 Gallagher 命令中心服务器和分布式现场硬件之间的接口。Gallagher Controller 7000是一款功能强大的网络连接控制器。 Controller 6000和Controller 7000存在安全漏洞，该漏洞源于处理OSDP消息时缓冲区大小计算不正确，这允许具有控制器接线物理访问权限的攻击

N/A

N/A