Lucene search

[email protected]NVD:CVE-2024-21815

HistoryMar 05, 2024 - 3:15 a.m.

CVE-2024-21815

2024-03-0503:15:06

CWE-522

[email protected]

web.nvd.nist.gov

credentials

third party integration

accessible

gallagher command centre

cve-2024-21815

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L

AI Score

9.3

Confidence

High

EPSS

Percentile

9.0%

JSON

Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users.

This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), all version of 8.60 and prior.

References

security.gallagher.com/Security-Advisories/CVE-2024-21815