exploitDog

CVE-2023-23576

Опубликовано: 18 дек. 2023

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

Incorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer than intended after a network outage when competencies are used in the access decision.

This issue affects: Gallagher Command Centre: 8.90 prior to vEL8.90.1620 (MR2), 8.80 prior to vEL8.80.1369 (MR3), 8.70 prior to vEL8.70.2375 (MR5), 8.60 prior to vEL8.60.2550 (MR7), all versions of 8.50 and prior.

Ссылки

https://security.gallagher.com/Security-Advisories/CVE-2023-23576
Vendor Advisory
https://security.gallagher.com/Security-Advisories/CVE-2023-23576
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*

Версия до 8.50 (включая)

cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*

Версия от 8.60 (включая) до 8.60.2550 (исключая)

cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*

Версия от 8.70 (включая) до 8.70.2375 (исключая)

cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*

Версия от 8.80 (включая) до 8.80.1369 (исключая)

cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*

Версия от 8.90 (включая) до 8.90.1620 (исключая)

EPSS

Процентиль: 24%

0.00079

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-696

NVD-CWE-Other

Связанные уязвимости

GHSA-5gjx-6hg3-323g

CVSS3: 4.3

github

около 2 лет назад

Incorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer than intended after a network outage when competencies are used in the access decision. This issue affects: Gallagher Command Centre: 8.90 prior to vEL8.90.1620 (MR2), 8.80 prior to vEL8.80.1369 (MR3), 8.70 prior to vEL8.70.2375 (MR5), 8.60 prior to vEL8.60.2550 (MR7), all versions of 8.50 and prior.

EPSS

Процентиль: 24%

0.00079

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-696

NVD-CWE-Other