CVE-2024-21815

🗓️ 05 Mar 2024 03:09:52Reported by GallagherType

Insufficiently protected credentials for DVR integrations to Command Centre Server accessible to unprivileged users

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2024-21815	5 Mar 202404:27	–	circl
CNNVD	Gallagher Command Centre security breach	5 Mar 202400:00	–	cnnvd
Cvelist	CVE-2024-21815	5 Mar 202403:09	–	cvelist
EUVD	EUVD-2024-19427	3 Oct 202520:07	–	euvd
NVD	CVE-2024-21815	5 Mar 202403:15	–	nvd
OSV	CVE-2024-21815	5 Mar 202403:15	–	osv
Prion	Command injection	5 Mar 202403:15	–	prion
Positive Technologies	PT-2024-19070 · Gallagher · Gallagher Command Centre	4 Mar 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-21815	5 Feb 202511:02	–	redhatcve
Vulnrichment	CVE-2024-21815	5 Mar 202403:09	–	vulnrichment

NVD

Node

gallagher command_centreRange≤8.60

gallagher command_centreRange8.70–8.70.2526

gallagher command_centreRange8.80–8.80.1526

gallagher command_centreRange8.90–8.90.1751

gallagher command_centreRange9.00–9.00.1774

[
  {
    "defaultStatus": "unaffected",
    "product": "Command Centre Server",
    "vendor": "Gallagher",
    "versions": [
      {
        "lessThanOrEqual": "8.60",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      },
      {
        "lessThan": "vEL9.00.1774 (MR2)",
        "status": "affected",
        "version": "9.00",
        "versionType": "custom"
      },
      {
        "lessThan": "vEL8.90.1751 (MR3)",
        "status": "affected",
        "version": "8.90",
        "versionType": "custom"
      },
      {
        "lessThan": "vEL8.80.1526 (MR4)",
        "status": "affected",
        "version": "8.80",
        "versionType": "custom"
      },
      {
        "lessThan": "vEL8.70.2526 (MR6)",
        "status": "affected",
        "version": "8.70",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
security	www.security.gallagher.com/Security-Advisories/CVE-2024-21815

10 Feb 2025 22:36Current

9.1High risk

Vulners AI Score9.1

CVSS 3.16.5 - 9.1

EPSS0.00098

SSVC

CWE-522