CVE-2024-23485

Name of the Vulnerable Software and Affected Versions Gallagher Controller 6000 and 7000 versions 8.60 and prior Gallagher Controller 6000 and 7000 versions 8.70 prior to vCR8.70.240520a Gallagher Controller 6000 and 7000 versions 8.80 prior to vCR8.80.240520a Gallagher Controller 6000 and 7000 versions 8.90 prior to vCR8.90.240520a Gallagher Controller 6000 and 7000 versions 9.00 prior to vCR9.00.240521a Gallagher Controller 6000 and 7000 versions 9.10 prior to vCR9.10.240520a

Description The issue is related to improperly preserved integrity of hardware configuration state during a power save/restore operation, which can lead to secured door locks connected via Aperio Communication Hubs to momentarily allow free access.

Recommendations For versions 8.60 and prior, update to a version later than vCR8.60. For versions 8.70, update to vCR8.70.240520a or later. For versions 8.80, update to vCR8.80.240520a or later. For versions 8.90, update to vCR8.90.240520a or later. For versions 9.00, update to vCR9.00.240521a or later. For versions 9.10, update to vCR9.10.240520a or later.