Lucene search

[email protected]CVE-2023-23568

HistoryJul 25, 2023 - 2:15 a.m.

CVE-2023-23568

2023-07-2502:15:09

CWE-285

[email protected]

web.nvd.nist.gov

cve-2023-23568

information security

command centre server

privilege validation

personal data fields

vulnerability

nvd

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

5.5 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.1%

JSON

Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields.

This issue affects Command Centre: vEL

8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2),

vEL8.70 prior to

vEL8.70.2185 (MR4),

vEL8.60 prior to

vEL8.60.2347 (MR6),

vEL8.50 prior to

vEL8.50.2831 (MR8), all versions

vEL8.40 and prior

Affected configurations

NVD

Node

gallaghercommand_centreRange≤8.40.2216

gallaghercommand_centreRange8.50–8.50.2831

gallaghercommand_centreRange8.60–8.60.2347

gallaghercommand_centreRange8.70–8.70.2185

gallaghercommand_centreRange8.80–8.80.1192

gallaghercommand_centreRange8.90–8.90.1318

CPENameOperatorVersion
gallagher:command_centregallagher command centrele8.40.2216
gallagher:command_centregallagher command centrelt8.50.2831
gallagher:command_centregallagher command centrelt8.60.2347
gallagher:command_centregallagher command centrelt8.70.2185
gallagher:command_centregallagher command centrelt8.80.1192
gallagher:command_centregallagher command centrelt8.90.1318

CPE	Name	Operator	Version
gallagher:command_centre	gallagher command centre	le	8.40.2216
gallagher:command_centre	gallagher command centre	lt	8.50.2831
gallagher:command_centre	gallagher command centre	lt	8.60.2347
gallagher:command_centre	gallagher command centre	lt	8.70.2185
gallagher:command_centre	gallagher command centre	lt	8.80.1192
gallagher:command_centre	gallagher command centre	lt	8.90.1318

CNA Affected

[
  {
    "vendor": "Gallagher",
    "product": "Command Centre",
    "versions": [
      {
        "status": "affected",
        "version": "vEL8.90",
        "lessThan": "1318",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "vEL8.80",
        "lessThan": "1192",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "vEL8.70",
        "lessThan": "2185",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "vEL8.60",
        "lessThan": "2347",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "vEL8.50",
        "lessThan": "2831",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "vEL8.40"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-23568

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

5.5 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.1%

JSON

Related for CVE-2023-23568

cvelist1 nvd1 prion1