CVE-2024-24972
📋 TL;DR
A buffer overflow vulnerability (CWE-120) in Gallagher Controller 6000/7000 diagnostic web interface allows authenticated operators to reboot controllers, causing denial of service. This affects multiple firmware versions of Controller 6000 and 7000 systems. The diagnostic interface is disabled by default but becomes vulnerable when enabled.
💻 Affected Systems
- Gallagher Controller 6000
- Gallagher Controller 7000
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Authenticated attacker exploits buffer overflow to reboot critical access control controllers, disrupting physical security operations and potentially causing extended downtime.
Likely Case
Authorized operator accidentally or intentionally triggers reboot through diagnostic interface, causing temporary service disruption until controller restarts.
If Mitigated
With diagnostic interface disabled (default), no exploitation possible; systems operate normally with full functionality.
🎯 Exploit Status
Requires authenticated operator access to diagnostic interface. Buffer overflow leads to reboot rather than code execution.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: vCR9.10.240816a, vCR9.00.240816a, vCR8.90.240816a, vCR8.80.240816b
Vendor Advisory: https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-24972
Restart Required: Yes
Instructions:
1. Download the appropriate firmware update from the Gallagher support portal.
2. Back up the controller configuration.
3. Apply the firmware update following Gallagher documentation.
4. Verify the update completed successfully.
5. Test system functionality.
🔧 Temporary Workarounds
Disable Diagnostic Web Interface
Disable the diagnostic web interface; it is not required for normal operation.
Access controller web interface > Configuration > Diagnostic Settings > Disable diagnostic web interface
Restrict Network Access
Limit network access to the diagnostic interface using firewall rules.
Configure firewall to block access to diagnostic interface port (typically TCP 443) except from authorized management systems
🧯 If You Can't Patch
- Disable diagnostic web interface immediately via controller configuration
- Implement strict access controls and monitoring for any authenticated users with diagnostic interface access
🔍 How to Verify
Check if Vulnerable:
Check controller firmware version via web interface or CLI and compare against affected versions list
Check Version:
Access controller web interface > System Information > Firmware Version or use Gallagher Command Centre
Verify Fix Applied:
Verify firmware version shows patched version (vCR9.10.240816a or later equivalent) and diagnostic interface remains disabled
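The version comparison above can be automated against the four patched builds the advisory lists. The following is an added example, not Gallagher's or this page's own tooling. It assumes that a firmware string has the shape vCR<major>.<minor>.<YYMMDD build date><revision letter> (inferred from the strings on this page, not documented by the vendor), that a newer build date or revision letter on the same branch includes the fix, and that branches not listed here need the manual verification this page already calls for. It also folds in the mitigation state, because the page notes the bug is only reachable when the diagnostic interface is enabled.

```python
import re
from dataclasses import dataclass

# Patched builds named in the advisory, keyed by firmware branch.
PATCHED_BUILDS = {
    "9.10": "vCR9.10.240816a",
    "9.00": "vCR9.00.240816a",
    "8.90": "vCR8.90.240816a",
    "8.80": "vCR8.80.240816b",
}

# Assumed layout of a Gallagher controller firmware string (an assumption
# based only on the examples on this page): vCR + major.minor + YYMMDD + letter.
VERSION_RE = re.compile(r"^vCR(\d+)\.(\d+)\.(\d{6})([a-z]?)$")


@dataclass(frozen=True, order=True)
class FirmwareVersion:
    major: int
    minor: int
    build: int   # YYMMDD build date as an integer, so later dates compare greater
    rev: str     # revision letter; "" < "a" < "b" under string comparison

    @property
    def branch(self) -> str:
        return f"{self.major}.{self.minor:02d}"


def parse_version(text: str) -> FirmwareVersion:
    """Parse a firmware string; raise ValueError on anything unexpected."""
    match = VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised firmware version string: {text!r}")
    major, minor, build, rev = match.groups()
    return FirmwareVersion(int(major), int(minor), int(build), rev)


def assess(version_string: str, diagnostic_interface_enabled: bool) -> dict:
    """Classify a controller as patched / vulnerable / unknown and say what to do.

    'unknown' covers branches the advisory does not list (older than 8.80 or
    newer than 9.10); those still need the manual check described on the page.
    """
    running = parse_version(version_string)
    fixed_string = PATCHED_BUILDS.get(running.branch)

    if fixed_string is None:
        status = "unknown"
    elif running >= parse_version(fixed_string):
        status = "patched"
    else:
        status = "vulnerable"

    if status == "patched":
        action = "none; keep the diagnostic web interface disabled"
    elif not diagnostic_interface_enabled:
        # Page: with the interface disabled (the default) the flaw is unreachable.
        action = "mitigated by configuration; schedule the firmware update"
    else:
        action = "disable the diagnostic web interface now, then update firmware"

    return {
        "version": version_string,
        "branch": running.branch,
        "patched_build": fixed_string,
        "status": status,
        "diagnostic_interface_enabled": diagnostic_interface_enabled,
        "action": action,
    }


if __name__ == "__main__":
    for v, enabled in [("vCR9.10.240801a", True), ("vCR8.80.240816b", False)]:
        print(assess(v, enabled))
```

The dataclass with order=True compares (major, minor, build, rev) as a tuple, which is what makes "240816b" rank above "240816a" on the 8.80 branch without any special casing.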
📡 Detection & Monitoring
Log Indicators:
- Unexpected controller reboots
- Multiple failed authentication attempts to diagnostic interface
- Buffer overflow errors in system logs
Network Indicators:
- Unusual traffic patterns to diagnostic interface port
- Multiple reboot commands sent to controller
SIEM Query:
source="gallagher_controller" AND (event_type="reboot" OR event_type="buffer_overflow")
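The indicators and SIEM query above can be turned into a small detector that runs over controller log lines. This is an added example, not this page's or Gallagher's own code: the key=value log format, the field names (source, controller, event_type, iface, src, reason) and the sample lines are all constructed for the example and do not reflect the real controller log schema. It implements the three indicators the page names: unexpected reboots (reboots whose constructed reason field is not "scheduled"), buffer overflow events, and a burst of failed authentications to the diagnostic interface from one source inside a time window.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real Gallagher output). The field layout is
# an assumption made for this example.
SAMPLE_LOGS = """\
2024-09-01T10:00:01Z source=gallagher_controller controller=C7000-01 event_type=auth_failure iface=diagnostic src=10.0.5.23 user=operator1
2024-09-01T10:00:09Z source=gallagher_controller controller=C7000-01 event_type=auth_failure iface=diagnostic src=10.0.5.23 user=operator1
2024-09-01T10:00:15Z source=gallagher_controller controller=C7000-01 event_type=auth_failure iface=diagnostic src=10.0.5.23 user=operator1
2024-09-01T10:01:02Z source=gallagher_controller controller=C7000-01 event_type=auth_success iface=diagnostic src=10.0.5.23 user=operator1
2024-09-01T10:01:40Z source=gallagher_controller controller=C7000-01 event_type=buffer_overflow iface=diagnostic src=10.0.5.23
2024-09-01T10:01:41Z source=gallagher_controller controller=C7000-01 event_type=reboot reason=watchdog
2024-09-01T22:00:00Z source=gallagher_controller controller=C6000-02 event_type=reboot reason=scheduled
"""

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line: str) -> dict:
    """Split '<ISO timestamp> k=v k=v ...' into a dict with a datetime 'ts'."""
    ts_text, _, rest = line.partition(" ")
    fields = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
    fields["ts"] = datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ")
    return fields


def detect(lines, auth_fail_threshold: int = 3, window: timedelta = timedelta(minutes=5)) -> list:
    """Return a list of alert dicts, in the order the triggering lines appear."""
    alerts = []
    # (controller, source IP) -> timestamps of recent diagnostic auth failures
    recent_failures = defaultdict(list)

    for line in lines:
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev.get("source") != "gallagher_controller":
            continue  # same scoping as the page's SIEM query
        event_type = ev.get("event_type")
        base = {"controller": ev.get("controller"), "ts": ev["ts"]}

        if event_type == "buffer_overflow":
            alerts.append({**base, "rule": "buffer_overflow"})

        elif event_type == "reboot" and ev.get("reason") != "scheduled":
            # Only reboots without a planned reason count as "unexpected".
            alerts.append({**base, "rule": "unexpected_reboot", "reason": ev.get("reason")})

        elif event_type == "auth_failure" and ev.get("iface") == "diagnostic":
            key = (ev.get("controller"), ev.get("src"))
            stamps = recent_failures[key]
            stamps.append(ev["ts"])
            # Slide the window: forget failures older than `window`.
            while stamps and ev["ts"] - stamps[0] > window:
                stamps.pop(0)
            if len(stamps) == auth_fail_threshold:  # fire once when the burst is reached
                alerts.append({**base, "rule": "diagnostic_auth_failure_burst",
                               "src": ev.get("src"), "count": len(stamps)})

    return alerts


def detect_sample() -> list:
    """Run the detector over the constructed sample above."""
    return detect(SAMPLE_LOGS.splitlines())


if __name__ == "__main__":
    for alert in detect_sample():
        print(alert)
```

The scheduled reboot on C6000-02 is deliberately left unflagged: tuning the reason filter (or whatever field your real logs carry for planned maintenance) is what keeps the "unexpected reboot" indicator from paging on every firmware update, including the one that fixes this CVE.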