PT-2021-15401 · Gallagher · Gallagher Command Centre+1

Published

2021-11-18

Updated

2021-11-23

CVE-2021-23197

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3)

Description The issue is an unquoted service path vulnerability in the Gallagher Controller Service, allowing an unprivileged user to execute arbitrary code as the account that runs the Controller Service.

Recommendations For Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3), update to version 8.50.2048 (MR3) or later to resolve the issue. As a temporary workaround, consider restricting access to the Gallagher Controller Service to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-428

Related Identifiers

CVE-2021-23197

Affected Products

Gallagher Command Centre

Gallagher Controller Service

PT-2021-15401 · Gallagher · Gallagher Command Centre+1

CVE-2021-23197

Weakness Enumeration

Related Identifiers

Affected Products

References · 4