CVE-2023-46686

A reliance on untrusted inputs in a security decision could be exploited by a privileged user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols. This issue affects: Gallagher Diagnostics Service prior to v1.3.0 (distributed in 9.00.1507(MR1)).

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://security.gallagher.com/Security-Advisories/CVE-2023-46686	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gallagher:command_centre::::::::
	cpe:2.3:a:gallagher:command_centre:9.00.1507:-::::::

History

No history.

Information

Published : 2023-12-18 22:15

Updated : 2023-12-28 20:08

NVD link : CVE-2023-46686

Mitre link : CVE-2023-46686

CVE.ORG link : CVE-2023-46686

JSON object : View

Products Affected

gallagher

command_centre

CWE

NVD-CWE-Other CWE-807

Reliance on Untrusted Inputs in a Security Decision

{"id": "CVE-2023-46686", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 4.2, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "disclosures@gallagher.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 4.2, "exploitabilityScore": 1.2}]}, "published": "2023-12-18T22:15:08.967", "references": [{"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-46686", "tags": ["Vendor Advisory"], "source": "disclosures@gallagher.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "disclosures@gallagher.com", "description": [{"lang": "en", "value": "CWE-807"}]}], "descriptions": [{"lang": "en", "value": "\nA reliance on untrusted inputs in a security decision could be exploited by a privileged\u00a0user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols. \n\nThis issue affects: Gallagher Diagnostics Service prior to v1.3.0 (distributed in 9.00.1507(MR1)).\n\n\n\n"}, {"lang": "es", "value": "Un usuario privilegiado podr\u00eda aprovechar la dependencia de entradas sin confianza en una decisi\u00f3n de seguridad para configurar el Gallagher Command Centre Diagnostics Service para utilizar protocolos de comunicaci\u00f3n menos seguros. Este problema afecta: Gallagher Diagnostics Service anterior a v1.3.0 (distribuido en 9.00.1507(MR1))."}], "lastModified": "2023-12-28T20:08:24.817", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "516A63FB-0145-4EAE-BAF5-2724C1F9F24D", "versionEndExcluding": "9.00.1507", "versionStartIncluding": "9.00"}, {"criteria": "cpe:2.3:a:gallagher:command_centre:9.00.1507:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B79DE16-27CB-4D2D-AEDC-3CA2D4ACC5C8"}], "operator": "OR"}]}], "sourceIdentifier": "disclosures@gallagher.com"}