CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
AI Score
Confidence
Low
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users.
This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), Β all version of 8.60 and prior.
[
{
"vendor": "Gallagher",
"product": "Command Centre Server",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom",
"lessThanOrEqual": "8.60"
},
{
"status": "affected",
"version": "9.00",
"lessThan": "vEL9.00.1774 (MR2)",
"versionType": "custom"
},
{
"status": "affected",
"version": "8.90",
"lessThan": "vEL8.90.1751 (MR3)",
"versionType": "custom"
},
{
"status": "affected",
"version": "8.80",
"lessThan": "vEL8.80.1526 (MR4)",
"versionType": "custom"
},
{
"status": "affected",
"version": "8.70",
"lessThan": "vEL8.70.2526 (MR6)",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
]
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
AI Score
Confidence
Low
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial