PT-2023-30159 · Gallagher · Gallagher Command Centre Diagnostics Service

Publicado

2023-12-18

Atualizado

2023-12-28

CVE-2023-46686

CVSS v3.1

7.1

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

Name of the Vulnerable Software and Affected Versions Gallagher Diagnostics Service versions prior to 1.3.0

Description A reliance on untrusted inputs in a security decision could be exploited by a privileged user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols.

Recommendations For versions prior to 1.3.0, update to version 1.3.0 or later to resolve the issue. As a temporary workaround, consider restricting the configuration of the Diagnostics Service to prevent the use of less secure communication protocols.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-807

Identificadores relacionados

CVE-2023-46686

Produtos afetados

Gallagher Command Centre Diagnostics Service

PT-2023-30159 · Gallagher · Gallagher Command Centre Diagnostics Service

CVE-2023-46686

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6