CVE-2023-46686

A reliance on untrusted inputs in a security decision could be exploited by a privilegeduser to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols. 

This issue affects: Gallagher Diagnostics Service prior to v1.3.0 (distributed in 9.00.1507(MR1)).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N
GallagherCNA
5.5 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
VendorProductVersion
gallaghercommand_centre
9.00 ≤
𝑥
< 9.00.1507
gallaghercommand_centre
9.00.1507
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://security.gallagher.com/Security-Advisories/CVE-2023-46686
https://security.gallagher.com/Security-Advisories/CVE-2023-46686