Lucene search

GallagherCVELIST:CVE-2023-22363

HistoryJul 24, 2023 - 11:09 p.m.

CVE-2023-22363 Access Zone stack overflow

2023-07-2423:09:14

CWE-121

Gallagher

www.cve.org

stack overflow

command centre server

denial of service

access group

cve-2023-22363

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

23.0%

JSON

A stack-based buffer overflow in the Command Centre Server allows an attacker to cause a denial of service attack via assigning cardholders to an Access Group.

This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2)

CNA Affected

[
  {
    "vendor": "Gallagher",
    "product": "Command Centre",
    "versions": [
      {
        "status": "affected",
        "version": "vEL8.80",
        "lessThan": "1192",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-22363

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

23.0%

JSON

Related for CVELIST:CVE-2023-22363