Vulnerabilities > CVE-2021-23136 - Unspecified vulnerability in Gallagher Command Centre

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

gallagher

NVD

Published: 2021-06-11

Updated: 2022-04-26

Summary

Improper Authorization vulnerability in Gallagher Command Centre Server allows macro overrides to be performed by an unprivileged Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions.

Vulnerable Configurations

Part	Description	Count
Application	Gallagher Gallagher Command Centre 8.20 Gallagher Command Centre 8.20.1093 Gallagher Command Centre 8.20.1166 Gallagher Command Centre 8.20.1218 Gallagher Command Centre 8.30 Gallagher Command Centre 8.30.1236 Gallagher Command Centre 8.30.1299 Gallagher Command Centre * Gallagher Command Centre - Gallagher Command Centre 7.70 Gallagher Command Centre 7.80 Gallagher Command Centre 7.80.939 Gallagher Command Centre 7.80.960 Gallagher Command Centre 7.90 Gallagher Command Centre 7.90.0 Gallagher Command Centre 7.90.961 Gallagher Command Centre 7.90.991 Gallagher Command Centre 7.90.1038 Gallagher Command Centre 8.0 Gallagher Command Centre 8.00 Gallagher Command Centre 8.00.1128 Gallagher Command Centre 8.00.1161 Gallagher Command Centre 8.00.1228 Gallagher Command Centre 8.00.1252 Gallagher Command Centre 8.10	36

References

https://security.gallagher.com/Security-Advisories/CVE-2021-23136