CVE-2024-43690

EUVD-2024-40426
Inclusion of Functionality from Untrusted Control Sphere(CWE-829) in the Command Centre Server and Workstations may allow an attacker to perform Remote Code Execution (RCE).

This issue affects: Command Centre Server and Command Centre Workstations 9.10 prior to vEL9.10.1530 (MR2), 9.00 prior to vEL9.00.2168 (MR4), 8.90 prior to vEL8.90.2155 (MR5), 8.80 prior to vEL8.80.1938 (MR6), all versions of 8.70 and prior.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8 HIGH
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
gallaghercommand_centre
𝑥
≤ 8.70
ADP
gallaghercommand_centre
9.10 ≤
𝑥
≤ 9.10.1530(mr2)
ADP
gallaghercommand_centre
9.00 ≤
𝑥
≤ 9.00.2168(mr4)
ADP
gallaghercommand_centre
8.90 ≤
𝑥
≤ 8.90.2155(mr5)
ADP
gallaghercommand_centre
8.80 ≤
𝑥
≤ 8.80.1938(mr6)
ADP
Common Weakness Enumeration
References
https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-43690