CVE-2023-46686

A reliance on untrusted inputs in a security decision could be exploited by a privileged user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols. This issue affects: Gallagher Diagnostics Service prior to v1.3.0 (distributed in 9.00.1507(MR1)).

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://security.gallagher.com/Security-Advisories/CVE-2023-46686	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gallagher:command_centre::::::::
	cpe:2.3:a:gallagher:command_centre:9.00.1507:-::::::

History

28 Dec 2023, 20:08

Type	Values Removed	Values Added
First Time		Gallagher Gallagher command Centre
CWE		NVD-CWE-Other
References	~~() https://security.gallagher.com/Security-Advisories/CVE-2023-46686 -~~	() https://security.gallagher.com/Security-Advisories/CVE-2023-46686 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~5.5~~	v2 : unknown v3 : 7.1
CPE		cpe:2.3:a:gallagher:command_centre:::::::: cpe:2.3:a:gallagher:command_centre:9.00.1507:-::::::
Summary		(es) Un usuario privilegiado podría aprovechar la dependencia de entradas sin confianza en una decisión de seguridad para configurar el Gallagher Command Centre Diagnostics Service para utilizar protocolos de comunicación menos seguros. Este problema afecta: Gallagher Diagnostics Service anterior a v1.3.0 (distribuido en 9.00.1507(MR1)).

18 Dec 2023, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-18 22:15

Updated : 2023-12-28 20:08

NVD link : CVE-2023-46686

Mitre link : CVE-2023-46686

CVE.ORG link : CVE-2023-46686

JSON object : View

Products Affected

gallagher

command_centre

CWE

NVD-CWE-Other CWE-807

Reliance on Untrusted Inputs in a Security Decision

{"id": "CVE-2023-46686", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 4.2, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "disclosures@gallagher.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 4.2, "exploitabilityScore": 1.2}]}, "published": "2023-12-18T22:15:08.967", "references": [{"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-46686", "tags": ["Vendor Advisory"], "source": "disclosures@gallagher.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "disclosures@gallagher.com", "description": [{"lang": "en", "value": "CWE-807"}]}], "descriptions": [{"lang": "en", "value": "\nA reliance on untrusted inputs in a security decision could be exploited by a privileged\u00a0user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols. \n\nThis issue affects: Gallagher Diagnostics Service prior to v1.3.0 (distributed in 9.00.1507(MR1)).\n\n\n\n"}, {"lang": "es", "value": "Un usuario privilegiado podr\u00eda aprovechar la dependencia de entradas sin confianza en una decisi\u00f3n de seguridad para configurar el Gallagher Command Centre Diagnostics Service para utilizar protocolos de comunicaci\u00f3n menos seguros. Este problema afecta: Gallagher Diagnostics Service anterior a v1.3.0 (distribuido en 9.00.1507(MR1))."}], "lastModified": "2023-12-28T20:08:24.817", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "516A63FB-0145-4EAE-BAF5-2724C1F9F24D", "versionEndExcluding": "9.00.1507", "versionStartIncluding": "9.00"}, {"criteria": "cpe:2.3:a:gallagher:command_centre:9.00.1507:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B79DE16-27CB-4D2D-AEDC-3CA2D4ACC5C8"}], "operator": "OR"}]}], "sourceIdentifier": "disclosures@gallagher.com"}