CVE-2023-23570

Опубликовано: 18 дек. 2023

Источник: nvd

CVSS3: 5.4

CVSS3: 8.1

EPSS Низкий

Описание

Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior.

This issue affects: Gallagher Command Centre 8.90 prior to vEL8.90.1620 (MR2), all versions of 8.80 and prior.

Ссылки

https://security.gallagher.com/Security-Advisories/CVE-2023-23570
Vendor Advisory
https://security.gallagher.com/Security-Advisories/CVE-2023-23570
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*

Версия до 8.80 (включая)

cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*

Версия от 8.90 (включая) до 8.90.1620 (исключая)

EPSS

Процентиль: 13%

0.00042

Низкий

5.4 Medium

CVSS3

8.1 High

CVSS3

Дефекты

CWE-602

NVD-CWE-Other

Связанные уязвимости

GHSA-hwvj-5wvw-332c

CVSS3: 5.4

github

около 2 лет назад

Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior. This issue affects: Gallagher Command Centre 8.90 prior to vEL8.90.1620 (MR2), all versions of 8.80 and prior.

EPSS

Процентиль: 13%

0.00042

Низкий

5.4 Medium

CVSS3

8.1 High

CVSS3

Дефекты

CWE-602

NVD-CWE-Other