CVE-2023-46686

A reliance on untrusted inputs in a security decision could be exploited by a privileged user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols. This issue affects: Gallagher Diagnostics Service prior to v1.3.0 (distributed in 9.00.1507(MR1)).

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://security.gallagher.com/Security-Advisories/CVE-2023-46686	Vendor Advisory
https://security.gallagher.com/Security-Advisories/CVE-2023-46686	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gallagher:command_centre::::::::
	cpe:2.3:a:gallagher:command_centre:9.00.1507:-::::::

History

21 Nov 2024, 08:29

Type	Values Removed	Values Added
References	~~() https://security.gallagher.com/Security-Advisories/CVE-2023-46686 - Vendor Advisory~~	() https://security.gallagher.com/Security-Advisories/CVE-2023-46686 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~7.1~~	v2 : unknown v3 : 5.5

28 Dec 2023, 20:08

Type	Values Removed	Values Added
CWE		NVD-CWE-Other
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.1
References	~~() https://security.gallagher.com/Security-Advisories/CVE-2023-46686 -~~	() https://security.gallagher.com/Security-Advisories/CVE-2023-46686 - Vendor Advisory
CPE		cpe:2.3:a:gallagher:command_centre:::::::: cpe:2.3:a:gallagher:command_centre:9.00.1507:-::::::

19 Dec 2023, 13:42

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-18 22:15

Updated : 2024-11-21 08:29

NVD link : CVE-2023-46686

Mitre link : CVE-2023-46686

CVE.ORG link : CVE-2023-46686

JSON object : View

Products Affected

gallagher

command_centre

CWE

CWE-807

Reliance on Untrusted Inputs in a Security Decision

NVD-CWE-Other

{"id": "CVE-2023-46686", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "disclosures@gallagher.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 4.2, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 4.2, "exploitabilityScore": 2.8}]}, "published": "2023-12-18T22:15:08.967", "references": [{"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-46686", "tags": ["Vendor Advisory"], "source": "disclosures@gallagher.com"}, {"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-46686", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "disclosures@gallagher.com", "description": [{"lang": "en", "value": "CWE-807"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "\nA reliance on untrusted inputs in a security decision could be exploited by a privileged\u00a0user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols. \n\nThis issue affects: Gallagher Diagnostics Service prior to v1.3.0 (distributed in 9.00.1507(MR1)).\n\n\n\n"}, {"lang": "es", "value": "Un usuario privilegiado podr\u00eda aprovechar la dependencia de entradas sin confianza en una decisi\u00f3n de seguridad para configurar el Gallagher Command Centre Diagnostics Service para utilizar protocolos de comunicaci\u00f3n menos seguros. Este problema afecta: Gallagher Diagnostics Service anterior a v1.3.0 (distribuido en 9.00.1507(MR1))."}], "lastModified": "2024-11-21T08:29:04.360", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "516A63FB-0145-4EAE-BAF5-2724C1F9F24D", "versionEndExcluding": "9.00.1507", "versionStartIncluding": "9.00"}, {"criteria": "cpe:2.3:a:gallagher:command_centre:9.00.1507:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B79DE16-27CB-4D2D-AEDC-3CA2D4ACC5C8"}], "operator": "OR"}]}], "sourceIdentifier": "disclosures@gallagher.com"}