Improper Certificate Validation in Gallagher Command Centre by Gallagher
CVE-2021-23167

8.1HIGH

Key Information:

Vendor: Gallagher
Status: Command Centre
Vendor: CVE Published:; 18 November 2021

What is CVE-2021-23167?

An improper certificate validation vulnerability exists in the Gallagher Command Centre, allowing potential man-in-the-middle attacks that could lead to the exposure of sensitive information from the Command Centre Server. This vulnerability specifically impacts several versions of the Command Centre, making it critical for users to ensure they are on the latest releases to mitigate the associated risks.

Affected Version(s)

Command Centre <= 8.20

Command Centre 8.50 < 8.50.2048 (MR3)

Command Centre 8.40 < 8.40.2063 (MR4)

References

https://security.gallagher.com/Security-Advisories/CVE-20...

x_refsource_MISC

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Nov 18, 2021
Vulnerability Reserved
Jan 26, 2021

JSON