PT-2024-19711 · Gallagher · Gallagher Command Centre
Published
2024-07-10
·
Updated
2024-07-11
·
CVE-2024-23194
CVSS v3.1
3.3
Low
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Gallagher Command Centre versions 9.10 prior to 9.10.1268 (MR1)
Description
The issue is related to improper output neutralization for logs in the Command Centre API Diagnostics Endpoint, which could allow an attacker to modify Command Centre log files. This gives the attacker a limited ability to alter log files.
Recommendations
For Gallagher Command Centre versions 9.10 prior to 9.10.1268 (MR1), update to version 9.10.1268 (MR1) or later to resolve the issue. As a temporary workaround, consider restricting access to the Command Centre API Diagnostics Endpoint to minimize the risk of exploitation.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gallagher Command Centre