CVE-2021-23205

Published: Jun 11, 2021Modified: Nov 21, 2024

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers and other hardware items beyond their privilege. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions.

Affected (4)

Products: Gallagher: Command Centre

Gallagher

1 product

Command Centre

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Gallagher Command Centre	Up to 8.10
Gallagher Command Centre	From 8.20 to 8.20.1259
Gallagher Command Centre	From 8.30 to 8.30.1359
Gallagher Command Centre	From 8.40 to 8.40.1888

Related CWEs

CWE-116

Improper Encoding or Escaping of Output

The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

References (2)

https://security.gallagher.com/Security-Advisories/CVE-2021-23205

Source: disclosures@gallagher.com

Vendor Advisory

https://security.gallagher.com/Security-Advisories/CVE-2021-23205

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.