CVE-2024-21815

Name of the Vulnerable Software and Affected Versions Gallagher Command Centre versions 8.60 and prior Gallagher Command Centre versions 8.70 prior to vEL8.70.2526 (MR6) Gallagher Command Centre versions 8.80 prior to vEL8.80.1526 (MR4) Gallagher Command Centre versions 8.90 prior to vEL8.90.1751 (MR3) Gallagher Command Centre versions 9.00 prior to vEL9.00.1774 (MR2)

Description Insufficiently protected credentials for third-party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users.

Recommendations For Gallagher Command Centre version 8.60 and prior, update to a version later than 8.60. For Gallagher Command Centre version 8.70 prior to vEL8.70.2526 (MR6), update to vEL8.70.2526 (MR6) or later. For Gallagher Command Centre version 8.80 prior to vEL8.80.1526 (MR4), update to vEL8.80.1526 (MR4) or later. For Gallagher Command Centre version 8.90 prior to vEL8.90.1751 (MR3), update to vEL8.90.1751 (MR3) or later. For Gallagher Command Centre version 9.00 prior to vEL9.00.1774 (MR2), update to vEL9.00.1774 (MR2) or later.