Skip to main content

Command Centre CVE-2023-23568

MEDIUM
Improper Authorization (CWE-285)
2023-07-25 disclosures@gallagher.com
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Jul 25, 2023 - 02:15 nvd
MEDIUM 5.4

DescriptionNVD

Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields.

This issue affects Command Centre: vEL

8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2),

vEL8.70 prior to

vEL8.70.2185 (MR4),

vEL8.60 prior to

vEL8.60.2347 (MR6),

vEL8.50 prior to

vEL8.50.2831 (MR8), all versions

vEL8.40 and prior

AnalysisAI

Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-285. Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior Affected products include: Gallagher Command Centre.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2020-16098 CRITICAL
9.8 Sep 15

It is possible to enumerate access card credentials via an unauthenticated network connection to the server in versions

CVE-2019-15294 CRITICAL
9.8 Aug 28

An issue was discovered in Gallagher Command Centre 8.10 before 8.10.1092(MR2). Rated critical severity (CVSS 9.8), this

CVE-2021-23140 HIGH
8.8 Jun 11

Improper Authorization vulnerability in Gallagher Command Centre Server allows command line macros to be modified by an

CVE-2020-16103 HIGH
8.8 Dec 14

Type confusion in Gallagher Command Centre Server allows a remote attacker to crash the server or possibly cause remote

CVE-2020-16102 HIGH
8.2 Dec 14

Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to cr

CVE-2023-23570 HIGH
8.1 Dec 18

Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid conf

CVE-2021-23205 HIGH
8.1 Jun 11

Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configura

CVE-2021-23197 HIGH
7.8 Nov 18

Unquoted service path vulnerability in the Gallagher Controller Service allows an unprivileged user to execute arbitrary

CVE-2020-16096 HIGH
7.7 Sep 15

In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.00 prior to 8.00.1161(MR5), 7.90 prior to 7.90.991(

CVE-2023-22363 HIGH
7.5 Jul 25

A stack-based buffer overflow in the Command Centre Server allows an attacker to cause a denial of service attack via as

CVE-2021-23146 HIGH
7.5 Nov 18

An Incomplete Comparison with Missing Factors vulnerability in the Gallagher Controller allows an attacker to bypass PIV

CVE-2020-16101 HIGH
7.5 Sep 15

It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service due to an out

Share

CVE-2023-23568 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy