CVE-2023-23576

Incorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer than intended after a network outage when competencies are used in the access decision. This issue affects: Gallagher Command Centre: 8.90 prior to vEL8.90.1620 (MR2), 8.80 prior to vEL8.80.1369 (MR3), 8.70 prior to vEL8.70.2375 (MR5), 8.60 prior to vEL8.60.2550 (MR7), all versions of 8.50 and prior.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.7 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://security.gallagher.com/Security-Advisories/CVE-2023-23576	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gallagher:command_centre::::::::
	cpe:2.3:a:gallagher:command_centre::::::::
	cpe:2.3:a:gallagher:command_centre::::::::
	cpe:2.3:a:gallagher:command_centre::::::::
	cpe:2.3:a:gallagher:command_centre::::::::

History

05 Jan 2024, 19:32

Type	Values Removed	Values Added
References	~~() https://security.gallagher.com/Security-Advisories/CVE-2023-23576 -~~	() https://security.gallagher.com/Security-Advisories/CVE-2023-23576 - Vendor Advisory
First Time		Gallagher Gallagher command Centre
Summary		(es) El orden de comportamiento incorrecto en Command Center Server podría permitir que los usuarios privilegiados obtengan acceso físico al sitio durante más tiempo del previsto después de una interrupción de la red cuando se utilizan competencias en la decisión de acceso. Este problema afecta a: Gallagher Command Center: 8.90 anterior a vEL8.90.1620 (MR2), 8.80 anterior a vEL8.80.1369 (MR3), 8.70 anterior a vEL8.70.2375 (MR5), 8.60 anterior a vEL8.60.2550 (MR7), todas las versiones de 8.50 y anteriores.
CPE		cpe:2.3:a:gallagher:command_centre::::::::
CWE		NVD-CWE-Other

18 Dec 2023, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-18 22:15

Updated : 2024-01-05 19:32

NVD link : CVE-2023-23576

Mitre link : CVE-2023-23576

CVE.ORG link : CVE-2023-23576

JSON object : View

Products Affected

gallagher

command_centre

CWE

NVD-CWE-Other CWE-696

Incorrect Behavior Order

{"id": "CVE-2023-23576", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.7}, {"type": "Secondary", "source": "disclosures@gallagher.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.7}]}, "published": "2023-12-18T22:15:08.210", "references": [{"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-23576", "tags": ["Vendor Advisory"], "source": "disclosures@gallagher.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "disclosures@gallagher.com", "description": [{"lang": "en", "value": "CWE-696"}]}], "descriptions": [{"lang": "en", "value": "\nIncorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer than intended after a network outage when competencies are used in the access decision. \n\nThis issue affects: Gallagher Command Centre: 8.90 prior to vEL8.90.1620 (MR2), 8.80 prior to vEL8.80.1369 (MR3), 8.70 prior to vEL8.70.2375 (MR5), 8.60 prior to vEL8.60.2550 (MR7), all versions of 8.50 and prior.\n\n"}, {"lang": "es", "value": "El orden de comportamiento incorrecto en Command Center Server podr\u00eda permitir que los usuarios privilegiados obtengan acceso f\u00edsico al sitio durante m\u00e1s tiempo del previsto despu\u00e9s de una interrupci\u00f3n de la red cuando se utilizan competencias en la decisi\u00f3n de acceso. Este problema afecta a: Gallagher Command Center: 8.90 anterior a vEL8.90.1620 (MR2), 8.80 anterior a vEL8.80.1369 (MR3), 8.70 anterior a vEL8.70.2375 (MR5), 8.60 anterior a vEL8.60.2550 (MR7), todas las versiones de 8.50 y anteriores."}], "lastModified": "2024-01-05T19:32:36.870", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23C4F969-A44F-40D6-A92B-56A2653A0786", "versionEndIncluding": "8.50"}, {"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54586395-20DD-4AB8-8C2A-26870B1522A2", "versionEndExcluding": "8.60.2550", "versionStartIncluding": "8.60"}, {"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E787E1B-4152-4F45-8E6E-1761938E48A3", "versionEndExcluding": "8.70.2375", "versionStartIncluding": "8.70"}, {"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6091751E-0326-445F-ABFF-09BE6D3543BF", "versionEndExcluding": "8.80.1369", "versionStartIncluding": "8.80"}, {"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B0605C7-4DC1-4F63-9987-D3320AC4D6A5", "versionEndExcluding": "8.90.1620", "versionStartIncluding": "8.90"}], "operator": "OR"}]}], "sourceIdentifier": "disclosures@gallagher.com"}