CVE-2024-43107

March 10, 2025, 3:15 a.m.

7.2
High

Description

Improper Certificate Validation (CWE-295) in the Gallagher Milestone Integration Plugin (MIP) permits unauthenticated messages (e.g. alarm events) to be sent to the Plugin. This issue effects Gallagher MIPS Plugin v4.0 prior to v4.0.32, all versions of v3.0 and prior.

Product(s) Impacted

Product Versions
Gallagher Milestone Integration Plugin (MIP)
  • 4.0.32
  • 3.0 and prior

Weaknesses

CWE-295
Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.

References

https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-43107

Tags

CWE-295
disclosures@gallagher.com
2025-03-10
CVE-2024-43107

CVSS Score

7.2 / 10

CVSS Data

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: CHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: LOW
  • Availability Impact: LOW
    • View Vector String

    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L

Date

  • Published: March 10, 2025, 3:15 a.m.
  • Last Modified: March 10, 2025, 3:15 a.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

disclosures@gallagher.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.