Lucene search

GallagherCVELIST:CVE-2023-22428

HistoryJul 24, 2023 - 10:44 p.m.

CVE-2023-22428

2023-07-2422:44:15

CWE-285

Gallagher

www.cve.org

cve-2023-22428

command centre server

privilege validation

division lineage

vel8.80

vel8.70

vel8.60

vel8.50

vel8.40

7.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

7.7 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.1%

JSON

Improper privilege validation in Command Centre Server allows authenticated operators to modify Division lineage.

This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831(MR8), vEL8.40 and prior.

CNA Affected

[
  {
    "vendor": "Gallagher",
    "product": "Command Centre",
    "versions": [
      {
        "status": "affected",
        "version": "vEL8.80",
        "lessThan": "1192",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "vEL8.70",
        "lessThan": "2185",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "vEL8.60",
        "lessThan": "2347",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "vEL8.50",
        "lessThan": "2831",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "vEL8.40"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-22428