CVE-2023-46686

Опубликовано: 18 дек. 2023

Источник: nvd

CVSS3: 5.5

CVSS3: 7.1

EPSS Низкий

Описание

A reliance on untrusted inputs in a security decision could be exploited by a privileged user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols.

This issue affects: Gallagher Diagnostics Service prior to v1.3.0 (distributed in 9.00.1507(MR1)).

Ссылки

https://security.gallagher.com/Security-Advisories/CVE-2023-46686
Vendor Advisory
https://security.gallagher.com/Security-Advisories/CVE-2023-46686
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*

Версия от 9.00 (включая) до 9.00.1507 (исключая)

cpe:2.3:a:gallagher:command_centre:9.00.1507:-:*:*:*:*:*:*

EPSS

Процентиль: 25%

0.00083

Низкий

5.5 Medium

CVSS3

7.1 High

CVSS3

Дефекты

CWE-807

NVD-CWE-Other

Связанные уязвимости

GHSA-xxmw-m6v2-9h47

CVSS3: 5.5

github

больше 1 года назад

A reliance on untrusted inputs in a security decision could be exploited by a privileged user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols. This issue affects: Gallagher Diagnostics Service prior to v1.3.0 (distributed in 9.00.1507(MR1)).

EPSS

Процентиль: 25%

0.00083

Низкий

5.5 Medium

CVSS3

7.1 High

CVSS3

Дефекты

CWE-807

NVD-CWE-Other