CVE-2023-23576

Incorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer than intended after a network outage when competencies are used in the access decision. 

This issue affects: Gallagher Command Centre: 8.90 prior to vEL8.90.1620 (MR2), 8.80 prior to vEL8.80.1369 (MR3), 8.70 prior to vEL8.70.2375 (MR5), 8.60 prior to vEL8.60.2550 (MR7), all versions of 8.50 and prior.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
PHYSICAL
LOW
LOW
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
GallagherCNA
4.3 MEDIUM
PHYSICAL
LOW
LOW
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
VendorProductVersion
gallaghercommand_centre
𝑥
≤ 8.50
gallaghercommand_centre
8.60 ≤
𝑥
< 8.60.2550
gallaghercommand_centre
8.70 ≤
𝑥
< 8.70.2375
gallaghercommand_centre
8.80 ≤
𝑥
< 8.80.1369
gallaghercommand_centre
8.90 ≤
𝑥
< 8.90.1620
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://security.gallagher.com/Security-Advisories/CVE-2023-23576
https://security.gallagher.com/Security-Advisories/CVE-2023-23576