CVE-2021-23146
18.11.2021, 18:15
An Incomplete Comparison with Missing Factors vulnerability in the Gallagher Controller allows an attacker to bypass PIV verification. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); 8.10 versions prior to 8.10.1284 (MR7); version 8.00 and prior versions.Enginsight
| Vendor | Product | Version |
|---|---|---|
| gallagher | command_centre | 𝑥 ≤ 8.00 |
| gallagher | command_centre | 8.10 ≤ 𝑥 < 8.10.1284 |
| gallagher | command_centre | 8.20 ≤ 𝑥 < 8.20.1259 |
| gallagher | command_centre | 8.30 ≤ 𝑥 < 8.30.1359 |
| gallagher | command_centre | 8.40 ≤ 𝑥 < 8.40.1888 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-1023 - Incomplete Comparison with Missing FactorsThe software performs a comparison between entities that must consider multiple factors or characteristics of each entity, but the comparison does not include one or more of these factors.
- CWE-697 - Incorrect ComparisonThe software compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.