Lucene search

GallagherVULNRICHMENT:CVE-2024-21815

HistoryMar 05, 2024 - 3:09 a.m.

CVE-2024-21815

2024-03-0503:09:52

CWE-522

Gallagher

github.com

cve-2024-21815

gallagher command centre

insufficient protection.

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L

AI Score

6.9

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users.

This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), all version of 8.60 and prior.

CNA Affected

[
  {
    "vendor": "Gallagher",
    "product": "Command Centre Server",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "8.60"
      },
      {
        "status": "affected",
        "version": "9.00",
        "lessThan": "vEL9.00.1774 (MR2)",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "8.90",
        "lessThan": "vEL8.90.1751 (MR3)",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "8.80",
        "lessThan": "vEL8.80.1526 (MR4)",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "8.70",
        "lessThan": "vEL8.70.2526 (MR6)",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

security.gallagher.com/Security-Advisories/CVE-2024-21815