Lucene search

GallagherCVE-2024-23194

HistoryJul 11, 2024 - 3:15 a.m.

CVE-2024-23194

2024-07-1103:15:02

CWE-117

Gallagher

web.nvd.nist.gov

improper output neutralization

logs

command centre

api

diagnostics endpoint

limited ability

modify

gallagher

v9.10

vel9.10.1268

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

4.1

Confidence

High

EPSS

Percentile

9.3%

JSON

Improper output Neutralization for Logs (CWE-117) in the Command Centre API Diagnostics Endpoint could allow an attacker limited ability to modify Command Centre log files.

This issue affects: Gallagher Command Centre v9.10 prior to vEL9.10.1268 (MR1).

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Command Centre",
    "vendor": "Gallagher",
    "versions": [
      {
        "lessThan": "vEL9.10.1268",
        "status": "affected",
        "version": "9.10",
        "versionType": "custom"
      }
    ]
  }
]

References

security.gallagher.com/Security-Advisories/CVE-2024-23194

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

4.1

Confidence

High

EPSS

Percentile

9.3%

JSON

Related for CVE-2024-23194