Security Flaw in Gallagher Command Centre Diagnostics Service
CVE-2023-46686

5.5MEDIUM

Key Information:

Vendor: Gallagher
Status: Command Centre Diagnostics Service
Vendor: CVE Published:; 18 December 2023

What is CVE-2023-46686?

A security vulnerability has been identified in the Gallagher Command Centre Diagnostics Service that allows a privileged user to exploit insufficient validation of untrusted inputs. This flaw enables the configuration of the service to operate with less secure communication protocols, potentially exposing sensitive data and system integrity to risks. Affected versions include those prior to v1.3.0, distributed in 9.00.1507(MR1). To mitigate this issue, users are advised to ensure their systems are updated to the latest version and implement robust security practices.

Affected Version(s)

Command Centre Diagnostics Service 0 <= 1.3.0

References

https://security.gallagher.com/Security-Advisories/CVE-20...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 18, 2023
Vulnerability Reserved
Nov 1, 2023