Описание
Improper validation of the cloud certificate chain in Mobile Client allows man-in-the-middle attack to impersonate the legitimate Command Centre Server. This issue affects: Gallagher Command Centre Mobile Client for Android 8.60 versions prior to 8.60.065; version 8.50 and prior versions.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 8.50 (включая)Версия от 8.60 (включая) до 8.60.065 (исключая)
Одно из
cpe:2.3:a:gallagher:command_centre_mobile_client:*:*:*:*:*:android:*:*
cpe:2.3:a:gallagher:command_centre_mobile_client:*:*:*:*:*:android:*:*
EPSS
Процентиль: 33%
0.00129
Низкий
9 Critical
CVSS3
6.8 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-296
CWE-295
Связанные уязвимости
CVSS3: 6.8
github
около 4 лет назад
Improper validation of the cloud certificate chain in Mobile Client allows man-in-the-middle attack to impersonate the legitimate Command Centre Server. This issue affects: Gallagher Command Centre Mobile Client for Android 8.60 versions prior to 8.60.065; version 8.50 and prior versions.
EPSS
Процентиль: 33%
0.00129
Низкий
9 Critical
CVSS3
6.8 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-296
CWE-295