CVE-2024-21815 Vulnerability Details

  /     /     /  

CVE-2024-21815 Metadata Quick Info

CVE Published: 05/03/2024 | CVE Updated: 01/08/2024 | CVE Year: 2024
Source: Gallagher | Vendor: Gallagher | Product: Command Centre Server
Status : PUBLISHED

---

CVE-2024-21815 Description

Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6),  all version of 8.60 and prior.

Metrics

CVSS Version: 3.1 | Base Score: 9.1 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* LOW
    User Interaction (UI)* NONE
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* LOW
    Availability Impact (A)* LOW

Weakness Enumeration (CWE)

CWE-ID: CWE-522
CWE Name: CWE-522 Insufficiently Protected Credentials
Source: Gallagher

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).