PT-2024-19378 · Gallagher · Gallagher Controller 7000

Published: 2024-03-04 · Updated: 2024-03-05 · CVE-2024-22383

CVSS v3.1: 6.2 (Medium)

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Gallagher Controller 7000 versions 8.70 prior to vCR8.70.240209a
Gallagher Controller 7000 versions 8.80 prior to vCR8.80.240209a
Gallagher Controller 7000 versions 8.90 prior to vCR8.90.240209b
Gallagher Controller 7000 versions 9.00 prior to vCR9.00.231204b

Description

The issue is related to a missing release of resource after effective lifetime, resulting in HBUS connected T-Series readers not automatically recovering after coming under attack over the RS-485 interface. This leads to a persistent denial of service.

Recommendations

For Gallagher Controller 7000 version 8.70 prior to vCR8.70.240209a, update to vCR8.70.240209a or later.
For Gallagher Controller 7000 version 8.80 prior to vCR8.80.240209a, update to vCR8.80.240209a or later.
For Gallagher Controller 7000 version 8.90 prior to vCR8.90.240209b, update to vCR8.90.240209b or later.
For Gallagher Controller 7000 version 9.00 prior to vCR9.00.231204b, update to vCR9.00.231204b or later.

Fix

Missing Release of Resource after Effective Lifetime

Weakness Enumeration

Related Identifiers

CVE-2024-22383

Affected Products

Gallagher Controller 7000