PT-2023-30159 · Gallagher · Gallagher Command Centre Diagnostics Service

Published

2023-12-18

Updated

2023-12-28

CVE-2023-46686

CVSS v3.1

7.1

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

Name of the Vulnerable Software and Affected Versions Gallagher Diagnostics Service versions prior to 1.3.0

Description A reliance on untrusted inputs in a security decision could be exploited by a privileged user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols.

Recommendations For versions prior to 1.3.0, update to version 1.3.0 or later to resolve the issue. As a temporary workaround, consider restricting the configuration of the Diagnostics Service to prevent the use of less secure communication protocols.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-807

Related Identifiers

CVE-2023-46686

Affected Products

Gallagher Command Centre Diagnostics Service

PT-2023-30159 · Gallagher · Gallagher Command Centre Diagnostics Service

CVE-2023-46686

Weakness Enumeration

Related Identifiers

Affected Products

References · 6