Lucene search

[email protected]CVE-2023-25074

HistoryJul 25, 2023 - 12:15 a.m.

CVE-2023-25074

2023-07-2500:15:09

CWE-285

[email protected]

web.nvd.nist.gov

cve-2023-25074

command centre

privilege validation

authentication

competencies

security vulnerability

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

5.5 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.1%

JSON

Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Competencies.

This issue affects Command Centre: vEL8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4),

vEL8.60 prior to vEL8.60.2347 (MR6),

vEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior.

Affected configurations

NVD

Node

gallaghercommand_centreRange≤8.40.2216

gallaghercommand_centreRange8.50–8.50.2831

gallaghercommand_centreRange8.60–8.60.2347

gallaghercommand_centreRange8.70–8.70.2185

gallaghercommand_centreRange8.80–8.80.1192

gallaghercommand_centreRange8.90–8.90.1318

CPENameOperatorVersion
gallagher:command_centregallagher command centrele8.40.2216
gallagher:command_centregallagher command centrelt8.50.2831
gallagher:command_centregallagher command centrelt8.60.2347
gallagher:command_centregallagher command centrelt8.70.2185
gallagher:command_centregallagher command centrelt8.80.1192
gallagher:command_centregallagher command centrelt8.90.1318

CPE	Name	Operator	Version
gallagher:command_centre	gallagher command centre	le	8.40.2216
gallagher:command_centre	gallagher command centre	lt	8.50.2831
gallagher:command_centre	gallagher command centre	lt	8.60.2347
gallagher:command_centre	gallagher command centre	lt	8.70.2185
gallagher:command_centre	gallagher command centre	lt	8.80.1192
gallagher:command_centre	gallagher command centre	lt	8.90.1318

CNA Affected

[
  {
    "vendor": "Gallagher",
    "product": "Command Centre",
    "versions": [
      {
        "status": "affected",
        "version": "vEL8.40"
      },
      {
        "status": "affected",
        "version": "vEL8.50",
        "lessThan": "2831",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "vEL8.60",
        "lessThan": "2347",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "vEL8.70",
        "lessThan": "2185",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "vEL8.80",
        "lessThan": "1192",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "vEL8.90",
        "lessThan": "1318",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-25074

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

5.5 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.1%

JSON

Related for CVE-2023-25074

cvelist1 prion1 nvd1