Improper Validation in Mobile Connect Affects Gallagher Command Centre
CVE-2021-23162

7.7HIGH

Key Information:

Vendor: Gallagher
Status: Command Centre Mobile Connect For Android
Vendor: CVE Published:; 18 November 2021

What is CVE-2021-23162?

The Gallagher Command Centre Mobile Connect is susceptible to a vulnerability due to improper validation of the cloud certificate chain. This flaw can be exploited by attackers to perform man-in-the-middle attacks, potentially leading to the impersonation of the legitimate server. This risk is particularly pronounced in versions prior to 15.04.040 and in version 14 and earlier.

Affected Version(s)

Command Centre Mobile Connect for Android <= 14

Command Centre Mobile Connect for Android 15 < 15.04.040

References

https://security.gallagher.com/Security-Advisories/CVE-20...

x_refsource_MISC

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 18, 2021
Vulnerability Reserved
Jan 26, 2021