CVE-2024-43107

HIGH
Improper Certificate Validation (CWE-295)
2025-03-10 [email protected]
Authentication Bypass
7.2
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
Low
Availability
Low

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 19:50 vuln.today
CVE Published
Mar 10, 2025 - 03:15 nvd
HIGH 7.2

DescriptionNVD

Improper Certificate Validation (CWE-295) in the Gallagher Milestone Integration Plugin (MIP) permits unauthenticated messages (e.g. alarm events) to be sent to the Plugin. This issue effects Gallagher MIPS Plugin v4.0 prior to v4.0.32, all versions of v3.0 and prior.

AnalysisAI

Improper Certificate Validation (CWE-295) in the Gallagher Milestone Integration Plugin (MIP) permits unauthenticated messages (e.g. alarm events) to be sent to the Plugin. [CVSS 7.2 HIGH]

Technical ContextAI

Classified as CWE-295 (Improper Certificate Validation). Improper Certificate Validation (CWE-295) in the Gallagher Milestone Integration Plugin (MIP) permits unauthenticated messages (e.g. alarm events) to be sent to the Plugin. This issue effects Gallagher MIPS Plugin v4.0 prior to v4.0.32, all versions of v3.0 and prior.

Affected ProductsAI

Improper Certificate Validation (CWE-295) in the Gallagher Milestone Integration Plugin (MIP) permits unauthenticated messages (e.g. alarm events) to

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Share

CVE-2024-43107 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy