Improper Privilege Validation in Command Centre Server by Gallagher
CVE-2023-22428

7.6HIGH

Key Information:

Vendor: Gallagher
Status: Command Centre
Vendor: CVE Published:; 24 July 2023

What is CVE-2023-22428?

A security vulnerability in Gallagher's Command Centre Server arises from improper privilege validation, enabling authenticated operators to alter Division lineage settings improperly. This flaw can lead to unauthorized changes in the system's operational parameters, which may compromise the integrity and security of the overall Command Centre functionality. It is crucial for users of affected versions to apply the necessary patches and updates to mitigate this risk.

Affected Version(s)

Command Centre vEL8.80 < 1192

Command Centre vEL8.70 < 2185

Command Centre vEL8.60 < 2347

References

https://security.gallagher.com/en-NZ/Security-Advisories/...

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 24, 2023
Vulnerability Reserved
Feb 3, 2023