Lucene search

[email protected]CVE-2023-23576

HistoryDec 18, 2023 - 10:15 p.m.

CVE-2023-23576

2023-12-1822:15:08

NVD-CWE-Other

CWE-696

[email protected]

web.nvd.nist.gov

cve-2023-23576

gallagher command centre

security vulnerability

network outage

competencies

access control

4.3 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

7.3 High

AI Score

Confidence

Low

1.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:S/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

8.3%

JSON

Incorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer than intended after a network outage when competencies are used in the access decision.

This issue affects: Gallagher Command Centre: 8.90 prior to vEL8.90.1620 (MR2), 8.80 prior to vEL8.80.1369 (MR3), 8.70 prior to vEL8.70.2375 (MR5), 8.60 prior to vEL8.60.2550 (MR7), all versions of 8.50 and prior.

CPENameOperatorVersion
gallagher:command_centregallagher command centrele8.50
gallagher:command_centregallagher command centreeq7.90.961
gallagher:command_centregallagher command centreeq7.90.0
gallagher:command_centregallagher command centreeq8.20
gallagher:command_centregallagher command centreeq8.20.1093
gallagher:command_centregallagher command centreeq8.20.1166
gallagher:command_centregallagher command centreeq8.20.1259
gallagher:command_centregallagher command centreeq8.00.1161
gallagher:command_centregallagher command centreeq7.80
gallagher:command_centregallagher command centreeq8.30

CPE	Name	Operator	Version
gallagher:command_centre	gallagher command centre	le	8.50
gallagher:command_centre	gallagher command centre	eq	7.90.961
gallagher:command_centre	gallagher command centre	eq	7.90.0
gallagher:command_centre	gallagher command centre	eq	8.20
gallagher:command_centre	gallagher command centre	eq	8.20.1093
gallagher:command_centre	gallagher command centre	eq	8.20.1166
gallagher:command_centre	gallagher command centre	eq	8.20.1259
gallagher:command_centre	gallagher command centre	eq	8.00.1161
gallagher:command_centre	gallagher command centre	eq	7.80
gallagher:command_centre	gallagher command centre	eq	8.30

Rows per page:

1-10 of 511

References

security.gallagher.com/Security-Advisories/CVE-2023-23576

4.3 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

7.3 High

AI Score

Confidence

Low

1.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:S/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

8.3%

JSON

Related for CVE-2023-23576

cvelist1 prion1