Vulnerabilities > Gallagher
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-25 | CVE-2023-25074 | Unspecified vulnerability in Gallagher Command Centre Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Competencies. This issue affects Command Centre: vEL8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior. | 5.4 |
| 2023-07-24 | CVE-2023-22428 | Unspecified vulnerability in Gallagher Command Centre Improper privilege validation in Command Centre Server allows authenticated operators to modify Division lineage. This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831(MR8), vEL8.40 and prior. | 6.5 |
| 2023-06-01 | CVE-2023-24584 | Classic Buffer Overflow vulnerability in Gallagher Controller 6000 Firmware Controller 6000 is vulnerable to a buffer overflow via the Controller diagnostic web interface upload feature. | 9.8 |
| 2022-07-06 | CVE-2022-26078 | Unspecified vulnerability in Gallagher Controller 6000 Firmware Gallagher Controller 6000 is vulnerable to a Denial of Service attack via conflicting ARP packets with a duplicate IP address. | 7.8 |
| 2022-07-06 | CVE-2022-26348 | SQL Injection vulnerability in Gallagher Command Centre Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. | 2.1 |
| 2021-11-18 | CVE-2021-23193 | Improper Privilege Management vulnerability in Gallagher Command Centre Improper privilege validation vulnerability in COM Interface of Gallagher Command Centre Server allows authenticated unprivileged operators to retrieve sensitive information from the Command Centre Server. | 4.0 |
| 2021-11-18 | CVE-2021-23197 | Unquoted Search Path or Element vulnerability in Gallagher Command Centre Unquoted service path vulnerability in the Gallagher Controller Service allows an unprivileged user to execute arbitrary code as the account that runs the Controller Service. | 4.6 |
| 2021-11-18 | CVE-2021-23146 | Incorrect Comparison vulnerability in Gallagher Command Centre An Incomplete Comparison with Missing Factors vulnerability in the Gallagher Controller allows an attacker to bypass PIV verification. | 7.5 |
| 2021-11-18 | CVE-2021-23155 | Improper Certificate Validation vulnerability in Gallagher Command Centre Mobile Client Improper validation of the cloud certificate chain in Mobile Client allows man-in-the-middle attack to impersonate the legitimate Command Centre Server. | 4.3 |
| 2021-11-18 | CVE-2021-23162 | Improper Certificate Validation vulnerability in Gallagher Command Centre Mobile Connect Improper validation of the cloud certificate chain in Mobile Connect allows man-in-the-middle attack to impersonate the legitimate Command Centre Server. | 6.8 |