CVE-2024-22387
📋 TL;DR
This vulnerability allows authenticated users of Gallagher Controller 6000/7000 diagnostic web interfaces to modify device I/O connections, potentially compromising physical security controls. It affects Gallagher Controller 6000 and 7000 systems with vulnerable firmware versions. The diagnostic interface is disabled by default but becomes vulnerable when enabled.
💻 Affected Systems
- Gallagher Controller 6000
- Gallagher Controller 7000
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Compromise of physical security controls allowing unauthorized access to secured facilities, manipulation of door locks, alarms, or other physical security systems.
Likely Case
Unauthorized modification of I/O connections leading to disruption of physical security operations, false alarms, or temporary loss of security functionality.
If Mitigated
Limited impact if diagnostic interface remains disabled (default) and proper network segmentation is in place.
🎯 Exploit Status
Requires authenticated access to diagnostic web interface. Exploitation involves modifying I/O connection parameters through the interface.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: vCR9.10.240520a (in 9.10.1268(MR1)), vCR9.00.240521a (in 9.00.1990(MR3)), vCR8.90.240520a (in 8.90.1947(MR4)), vCR8.80.240520a (in 8.80.1726(MR5)), vCR8.70.240520a (in 8.70.2824(MR7))
Vendor Advisory: https://security.gallagher.com/Security-Advisories/CVE-2024-22387
Restart Required: Yes
Instructions:
1. Download the appropriate firmware update from the Gallagher support portal.
2. Back up the current configuration.
3. Apply the firmware update following Gallagher documentation.
4. Restart the controller.
5. Verify the update and restore the configuration if needed.
🔧 Temporary Workarounds
Disable Diagnostic Web Interface
Disable the diagnostic web interface as recommended by Gallagher unless it is specifically required for troubleshooting.
Access controller web interface > Configuration > Diagnostic Settings > Disable diagnostic web interface
Network Segmentation
Restrict network access to the controller diagnostic interface using firewall rules or network segmentation.
Add firewall rule: deny all traffic to controller diagnostic port (typically TCP 80/443) except from authorized management systems
🧯 If You Can't Patch
- Ensure diagnostic web interface is disabled (default setting)
- Implement strict access controls and network segmentation to limit access to controller management interfaces
🔍 How to Verify
Check if Vulnerable:
Check the controller firmware version via the web interface or CLI. If the diagnostic interface is enabled and the firmware is older than the patched build for its release branch (see Patch Version above), the system is vulnerable.
Check Version:
Access controller web interface > System Information > Firmware Version, or use Gallagher diagnostic tools
Verify Fix Applied:
Verify firmware version is updated to patched version and diagnostic interface remains disabled unless absolutely necessary.
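The following is an added example, not code from this page or from Gallagher, showing how the verification step can be automated for a fleet of controllers. It takes the patched builds listed under Patch Version above, parses a firmware string of the form `vCR<branch>.<build><suffix>` (the layout is inferred from those advisory strings and is an assumption; the release numbers in parentheses such as `9.10.1268(MR1)` are not parsed), and reports whether a given controller is patched, exposed, mitigated by the disabled diagnostic interface, or on a branch the advisory does not list.

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# Patched controller firmware per release branch, copied from the
# "Patch Version" line of this advisory page. Any branch not listed here
# must be checked against the vendor advisory by hand.
PATCHED_BUILDS = {
    "9.10": "240520a",
    "9.00": "240521a",
    "8.90": "240520a",
    "8.80": "240520a",
    "8.70": "240520a",
}

# Assumed version layout: "vCR" + branch (major.minor) + "." + six-digit
# build + optional lowercase suffix, e.g. vCR9.10.240520a.
_VERSION_RE = re.compile(r"^vCR(\d+\.\d+)\.(\d{6})([a-z]?)$")


@dataclass
class Assessment:
    branch: Optional[str]
    # one of: patched, exposed, mitigated, unknown-branch, unparseable
    status: str
    reason: str


def parse_version(version: str) -> Optional[Tuple[str, int, str]]:
    """Split a firmware string into (branch, build, suffix); None if it
    does not match the assumed layout."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        return None
    branch, build, suffix = m.groups()
    return branch, int(build), suffix


def build_key(build: int, suffix: str) -> Tuple[int, str]:
    # Assumption: the six-digit build is date-like (YYMMDD) and the trailing
    # letter orders builds cut on the same day, so this tuple sorts
    # chronologically within a branch.
    return (build, suffix)


def assess_firmware(version: str, diagnostic_enabled: bool) -> Assessment:
    """Classify one controller given its firmware string and whether the
    diagnostic web interface is enabled."""
    parsed = parse_version(version)
    if parsed is None:
        return Assessment(None, "unparseable", f"cannot parse {version!r}")
    branch, build, suffix = parsed
    patched = PATCHED_BUILDS.get(branch)
    if patched is None:
        return Assessment(branch, "unknown-branch",
                          "branch not listed in the advisory; check the vendor")
    p_build, p_suffix = int(patched[:6]), patched[6:]
    if build_key(build, suffix) >= build_key(p_build, p_suffix):
        return Assessment(branch, "patched",
                          f"{version} is at or after vCR{branch}.{patched}")
    if not diagnostic_enabled:
        # Vulnerable firmware, but the default-disabled interface removes the
        # attack surface; still schedule the update.
        return Assessment(branch, "mitigated",
                          f"firmware older than vCR{branch}.{patched}, "
                          "diagnostic interface disabled")
    return Assessment(branch, "exposed",
                      f"firmware older than vCR{branch}.{patched} "
                      "and diagnostic interface enabled")


if __name__ == "__main__":
    # Constructed inventory rows: (controller name, firmware, diag enabled)
    inventory = [
        ("ctrl-lobby", "vCR9.10.240520a", True),
        ("ctrl-dock", "vCR9.00.240301b", True),
        ("ctrl-server-room", "vCR8.80.240101a", False),
        ("ctrl-legacy", "vCR8.60.240520a", True),
    ]
    for name, fw, diag in inventory:
        a = assess_firmware(fw, diag)
        print(f"{name:18} {a.status:15} {a.reason}")
```

Feed it the firmware string shown under System Information > Firmware Version for each controller; any result other than "patched" belongs on the update schedule, and "exposed" controllers should have the diagnostic interface disabled in the meantime.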
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to diagnostic interface
- Changes to I/O connection configurations outside maintenance windows
- Authentication logs showing access from unexpected sources
Network Indicators:
- Traffic to controller diagnostic ports from unauthorized sources
- Unusual patterns of configuration changes via web interface
SIEM Query:
source="gallagher-controller" AND (event_type="config_change" OR url_path="/diagnostic/*") AND NOT user IN [authorized_users]
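As an added example (not from this page or from Gallagher), here is the detection logic of the indicators above applied to a handful of constructed controller log lines. The log format, the authorized user list, the management subnet and the maintenance window are all assumptions; real Gallagher log fields will differ and the parser should be adapted to them. Events touching the diagnostic path or changing configuration are flagged when the user is not on the authorized list, the source address is outside the management network, or an I/O change lands outside the maintenance window.

```python
import ipaddress
import re
from datetime import datetime, time
from typing import Dict, List, Optional, Tuple

# Assumed site policy (constructed for this example).
AUTHORIZED_USERS = {"svc_maint", "ops_admin"}
MGMT_NETWORK = ipaddress.ip_network("10.20.0.0/24")
MAINT_WINDOW = (time(1, 0), time(4, 0))  # 01:00-04:00 local time

# Constructed sample log lines in a simple "timestamp key=value ..." layout.
SAMPLE_LOGS = """\
2024-06-03T02:10:05 source=gallagher-controller event_type=config_change user=svc_maint src=10.20.0.15 url_path=/diagnostic/io/connections
2024-06-03T14:22:41 source=gallagher-controller event_type=config_change user=contractor7 src=192.168.50.9 url_path=/diagnostic/io/connections
2024-06-03T14:25:02 source=gallagher-controller event_type=auth_failure user=admin src=192.168.50.9 url_path=/diagnostic/login
2024-06-03T09:00:12 source=gallagher-controller event_type=config_change user=ops_admin src=10.20.0.22 url_path=/config/doors
2024-06-03T03:15:30 source=gallagher-controller event_type=page_view user=ops_admin src=10.20.0.22 url_path=/diagnostic/status
""".splitlines()

_LINE_RE = re.compile(r"^(\S+)\s+(.*)$")


def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Parse one log line into a dict of fields plus a datetime under 'ts'."""
    m = _LINE_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.fromisoformat(m.group(1))
    except ValueError:
        return None
    fields: Dict[str, object] = {}
    for kv in m.group(2).split():
        if "=" in kv:
            k, v = kv.split("=", 1)
            fields[k] = v
    fields["ts"] = ts
    return fields


def in_maint_window(ts: datetime) -> bool:
    start, end = MAINT_WINDOW
    return start <= ts.time() <= end


def evaluate(event: Dict[str, object]) -> List[str]:
    """Return the list of reasons an event is suspicious (empty if none)."""
    reasons: List[str] = []
    path = str(event.get("url_path", ""))
    touches_diag = path.startswith("/diagnostic/")
    is_cfg_change = event.get("event_type") == "config_change"
    if not (touches_diag or is_cfg_change):
        return reasons  # not in scope for this CVE
    if event.get("user") not in AUTHORIZED_USERS:
        reasons.append("user not on authorized list")
    try:
        if ipaddress.ip_address(str(event["src"])) not in MGMT_NETWORK:
            reasons.append("source outside management network")
    except (KeyError, ValueError):
        reasons.append("missing or invalid source address")
    if touches_diag and is_cfg_change and not in_maint_window(event["ts"]):
        reasons.append("diagnostic I/O change outside maintenance window")
    return reasons


def detect(lines: List[str]) -> List[Tuple[str, str, str, List[str]]]:
    """Run the rules over raw log lines; each alert is
    (timestamp, user, url_path, reasons)."""
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        reasons = evaluate(ev)
        if reasons:
            alerts.append((ev["ts"].isoformat(), str(ev.get("user")),
                           str(ev.get("url_path")), reasons))
    return alerts


if __name__ == "__main__":
    for ts, user, path, reasons in detect(SAMPLE_LOGS):
        print(f"{ts} user={user} path={path}: {'; '.join(reasons)}")
```

On the sample above, only the contractor's I/O change from an unmanaged address and the failed login to the diagnostic path are raised; the in-window change by the maintenance account and the non-diagnostic configuration change from the management subnet pass quietly, which is the false-positive balance the SIEM query above is aiming for.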