Lucene search

GallagherVULNRICHMENT:CVE-2024-23194

HistoryJul 11, 2024 - 2:39 a.m.

CVE-2024-23194

2024-07-1102:39:08

CWE-117

Gallagher

github.com

improper output neutralization

logs

command centre api

gallagher

v9.10

vel9.10.1268

mr1

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

6.9

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Improper output Neutralization for Logs (CWE-117) in the Command Centre API Diagnostics Endpoint could allow an attacker limited ability to modify Command Centre log files.

This issue affects: Gallagher Command Centre v9.10 prior to vEL9.10.1268 (MR1).

CNA Affected

[
  {
    "vendor": "Gallagher",
    "product": "Command Centre",
    "versions": [
      {
        "status": "affected",
        "version": "9.10",
        "lessThan": "vEL9.10.1268",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

security.gallagher.com/Security-Advisories/CVE-2024-23194

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

6.9

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-23194