CVE-2024-21815
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
9.1 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users.
This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), Β all version of 8.60 and prior.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Command Centre Server",
"vendor": "Gallagher",
"versions": [
{
"lessThanOrEqual": "8.60",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vEL9.00.1774 (MR2)",
"status": "affected",
"version": "9.00",
"versionType": "custom"
},
{
"lessThan": "vEL8.90.1751 (MR3)",
"status": "affected",
"version": "8.90",
"versionType": "custom"
},
{
"lessThan": "vEL8.80.1526 (MR4)",
"status": "affected",
"version": "8.80",
"versionType": "custom"
},
{
"lessThan": "vEL8.70.2526 (MR6)",
"status": "affected",
"version": "8.70",
"versionType": "custom"
}
]
}
]Related
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
9.1 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%