Insecure Log File Insertion (CWE-532) in Gallagher Command Centre Allows Unauthorized Access to Sensitive Information
CVE-2024-42407

8.5 HIGH

Key Information:

Vendor
Gallagher
Status
Command Centre Server
Vendor
CVE Published:
12 December 2024

Summary

Gallagher Command Centre has a vulnerability in which sensitive information is inserted into log files, classified as CWE-532. The flaw lets authenticated operators access security-sensitive data that should remain restricted. It affects multiple versions of Command Centre Server and puts at risk organizations that rely on the system to manage alerts and alarms securely. Auditing and secure logging practices are essential to mitigate the risk of unauthorized information access.

Affected Version(s)

Command Centre Server 0 <= 8.80

Command Centre Server 9.10 < 9.10.2149 (MR4)

CVSS V3.1

Score: 8.5
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database