Lucene search

GallagherCVELIST:CVE-2021-23136

HistoryJun 11, 2021 - 3:46 p.m.

CVE-2021-23136

2021-06-1115:46:00

CWE-285

Gallagher

www.cve.org

vulnerability

authorization

gallagher command centre

server

macro overrides

unprivileged

operator

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

22.7%

JSON

Improper Authorization vulnerability in Gallagher Command Centre Server allows macro overrides to be performed by an unprivileged Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions.

CNA Affected

[
  {
    "product": "Command Centre",
    "vendor": "Gallagher",
    "versions": [
      {
        "lessThanOrEqual": "8.10",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "8.40.1888 (MR3)",
        "status": "affected",
        "version": "8.40",
        "versionType": "custom"
      },
      {
        "lessThan": "8.30.1359 (MR3)",
        "status": "affected",
        "version": "8.30",
        "versionType": "custom"
      },
      {
        "lessThan": "8.20.1259 (MR5)",
        "status": "affected",
        "version": "8.20",
        "versionType": "custom"
      }
    ]
  }
]

References

security.gallagher.com/Security-Advisories/CVE-2021-23136

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

22.7%

JSON

Related for CVELIST:CVE-2021-23136