exploitDog

CVE-2024-21815

Опубликовано: 05 мар. 2024

Источник: nvd

CVSS3: 9.1

CVSS3: 6.5

EPSS Низкий

Описание

Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users.

This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), all version of 8.60 and prior.

Ссылки

https://security.gallagher.com/Security-Advisories/CVE-2024-21815
Vendor Advisory
https://security.gallagher.com/Security-Advisories/CVE-2024-21815
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*

Версия до 8.60 (включая)

cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*

Версия от 8.70 (включая) до 8.70.2526 (исключая)

cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*

Версия от 8.80 (включая) до 8.80.1526 (исключая)

cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*

Версия от 8.90 (включая) до 8.90.1751 (исключая)

cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*

Версия от 9.00 (включая) до 9.00.1774 (исключая)

EPSS

Процентиль: 27%

0.00098

Низкий

9.1 Critical

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-522

CWE-522

Связанные уязвимости

GHSA-cg32-2535-p88w

CVSS3: 9.1

github

почти 2 года назад

Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), all version of 8.60 and prior.

EPSS

Процентиль: 27%

0.00098

Низкий

9.1 Critical

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-522

CWE-522