CVE-2021-23197

Unquoted service path vulnerability in the Gallagher Controller Service allows an unprivileged user to execute arbitrary code as the account that runs the Controller Service. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3) ;
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.2 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
GallagherCNA
5.2 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
VendorProductVersion
gallaghercommand_centre
8.50 ≤
𝑥
< 8.50.2048
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://security.gallagher.com/Security-Advisories/CVE-2021-23197
https://security.gallagher.com/Security-Advisories/CVE-2021-23197