CVE-2024-41146

Published Dec 12, 2024

Last updated 3 months ago

CVSS medium 4.6

Overview

Description
Use of Multiple Resources with Duplicate Identifier (CWE-694) in the Controller 6000 and Controller 7000 Platforms could allow an attacker with physical access to HBUS communication cabling to perform a Denial-of-Service attack against HBUS connected devices, require a device reboot to resolve. This issue affects: Controller 6000 and Controller 7000 firmware versions 9.10 prior to vCR9.10.241108a (distributed in 9.10.2149 (MR4)), 9.00 prior to vCR9.00.241108a (distributed in 9.00.2374 (MR5)), 8.90 prior to vCR8.90.241107a (distributed in 8.90.2356 (MR6)), all versions of 8.80 and prior.
Source
disclosures@gallagher.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
4.6
Impact score
3.6
Exploitability score
0.9
Vector string
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity
MEDIUM

Weaknesses

disclosures@gallagher.com
CWE-694

Social media

Hype score
Not currently trending

  1. CVE-2024-41146 Use of Multiple Resources with Duplicate Identifier (CWE-694) in the Controller 6000 and Controller 7000 Platforms could allow an attacker with physical access to HBU… https://t.co/jsaSvYSqVI

    @CVEnew

    12 Dec 2024

    289 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References