Mar 05, 2024 - 3:09 a.m.

CVE-2024-21815

2024-03-05 03:09:52
CWE-522
Gallagher
www.cve.org
credentials protection
third-party integration
command centre server
gallagher command centre
vulnerability
access control restrictions
cve-2024-21815

CVSS3: 9.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L

AI Score: 9.4
Confidence: High

EPSS: 0
Percentile: 9.0%

Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users.

This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), all versions of 8.60 and prior.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Command Centre Server",
    "vendor": "Gallagher",
    "versions": [
      {
        "lessThanOrEqual": "8.60",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      },
      {
        "lessThan": "vEL9.00.1774 (MR2)",
        "status": "affected",
        "version": "9.00",
        "versionType": "custom"
      },
      {
        "lessThan": "vEL8.90.1751 (MR3)",
        "status": "affected",
        "version": "8.90",
        "versionType": "custom"
      },
      {
        "lessThan": "vEL8.80.1526 (MR4)",
        "status": "affected",
        "version": "8.80",
        "versionType": "custom"
      },
      {
        "lessThan": "vEL8.70.2526 (MR6)",
        "status": "affected",
        "version": "8.70",
        "versionType": "custom"
      }
    ]
  }
]
