CVE-2024-41146

Published: Dic 12, 2024 Last Modified: Dic 12, 2024 EU-VD ID: EUVD-2024-39327

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 4,6

Source: [email protected]

Attack Vector: physical

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: none

Integrity: none

Availability: high

Description

AI Translation Available

Use of Multiple Resources with Duplicate Identifier (CWE-694) in the Controller 6000 and Controller 7000 Platforms could allow an attacker with physical access to HBUS communication cabling to perform a Denial-of-Service attack against HBUS connected devices, require a device reboot to resolve.

This issue affects: Controller 6000 and Controller 7000 firmware versions 9.10 prior to vCR9.10.241108a (distributed in 9.10.2149 (MR4)), 9.00 prior to vCR9.00.241108a (distributed in 9.00.2374 (MR5)), 8.90 prior to vCR8.90.241107a (distributed in 8.90.2356 (MR6)), all versions of 8.80 and prior.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0006

Percentile

0,2th

Updated

EPSS Score Trend (Last 90 Days)

694

Use of Multiple Resources with Duplicate Identifier

Incomplete

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control Other

Potential Impacts:

Bypass Protection Mechanism Quality Degradation

Applicable Platforms

All platforms may be affected

View CWE Details

https://security.gallagher.com/en-NZ/Security-Advisories/CV…

https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-41146

CVE-2024-41146

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 90 Days)

Use of Multiple Resources with Duplicate Identifier

Common Consequences

Applicable Platforms

Iscriviti alla newsletter