PT-2021-15400 · Gallagher · Gallagher Command Centre
Published
2021-11-18
·
Updated
2022-04-26
·
CVE-2021-23193
CVSS v3.1
8.1
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Gallagher Command Centre versions prior to 8.50.2048 (MR3)
Gallagher Command Centre versions prior to 8.40.2063 (MR4)
Gallagher Command Centre versions prior to 8.30.1454 (MR4)
Gallagher Command Centre versions prior to 8.20.1291 (MR6)
Gallagher Command Centre version 8.10 and prior versions
Description
The issue is related to improper privilege validation in the COM Interface of the Gallagher Command Centre Server, allowing authenticated unprivileged operators to retrieve sensitive information from the Command Centre Server.
Recommendations
For versions prior to 8.50.2048 (MR3), update to version 8.50.2048 (MR3) or later.
For versions prior to 8.40.2063 (MR4), update to version 8.40.2063 (MR4) or later.
For versions prior to 8.30.1454 (MR4), update to version 8.30.1454 (MR4) or later.
For versions prior to 8.20.1291 (MR6), update to version 8.20.1291 (MR6) or later.
For version 8.10 and prior versions, update to a version later than 8.10.
Fix
Improper Privilege Management
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Gallagher Command Centre