Описание
Improper validation of the cloud certificate chain in Mobile Connect allows man-in-the-middle attack to impersonate the legitimate Command Centre Server. This issue affects: Gallagher Command Centre Mobile Connect for Android 15 versions prior to 15.04.040; version 14 and prior versions.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 14.0 (включая)Версия от 15.0 (включая) до 15.04.040 (исключая)
Одно из
cpe:2.3:a:gallagher:command_centre_mobile_connect:*:*:*:*:*:android:*:*
cpe:2.3:a:gallagher:command_centre_mobile_connect:*:*:*:*:*:android:*:*
EPSS
Процентиль: 40%
0.00187
Низкий
7.7 High
CVSS3
8.1 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-296
CWE-295
Связанные уязвимости
github
больше 3 лет назад
Improper validation of the cloud certificate chain in Mobile Connect allows man-in-the-middle attack to impersonate the legitimate Command Centre Server. This issue affects: Gallagher Command Centre Mobile Connect for Android 15 versions prior to 15.04.040; version 14 and prior versions.
EPSS
Процентиль: 40%
0.00187
Низкий
7.7 High
CVSS3
8.1 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-296
CWE-295