CRITICAL🇵🇱 Wersja polska

CVE-2024-21815

CVSS 9.1v3.1pub. 2024-03-05upd. 2025-02-10

Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6),  all version of 8.60 and prior.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
  • Gallagher Command Centre

    APP
    Gallagher
    ≤ 8.608.70 – 8.70.2526 (bez)8.80 – 8.80.1526 (bez)8.90 – 8.90.1751 (bez)9.00 – 9.00.1774 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2021-23230CRITICAL9.9ten sam produkt

A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged ...

CVE-2021-23140CRITICAL9.9ten sam produkt

Improper Authorization vulnerability in Gallagher Command Centre Server allows command line macros to be modif...

CVE-2020-16098CRITICAL9.8ten sam produkt

It is possible to enumerate access card credentials via an unauthenticated network connection to the server in...

CVE-2020-16096CRITICAL9.9ten sam produkt

In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.00 prior to 8.00.1161(MR5), 7.90 prior to...

CVE-2019-15294CRITICAL9.8ten sam produkt

An issue was discovered in Gallagher Command Centre 8.10 before 8.10.1092(MR2). Upon an upgrade, if a custom s...