CVE-2023-6355
MEDIUMGallagher Controller 7000 <9.00.231204b - Privilege Escalation
Title source: llmDescription
Incorrect selection of fuse values in the Controller 7000 platform allows an attacker to bypass some protection mechanisms to enable local debug. This issue affects: Gallagher Controller 7000 9.00 prior to vCR9.00.231204b (distributed in 9.00.1507 (MR1)), 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)).
References (1)
Core 1
Core References
Vendor Advisory
https://security.gallagher.com/Security-Advisories/CVE-2023-6355
Scores
CVSS v3
6.8
EPSS
0.0035
EPSS Percentile
27.0%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-1253
CWE-863
Status
published
Products (1)
gallagher/controller_7000_firmware
8.70 - 8.70.231204a
Published
Dec 18, 2023
Tracked Since
Feb 18, 2026