Products
Command Centre Server
- 9.10 prior to vEL9.10.1530 (MR2)
- 9.00 prior to vEL9.00.2168 (MR4)
- 8.90 prior to vEL8.90.2155 (MR5)
- 8.80 prior to vEL8.80.1938 (MR6)
- all versions of 8.70 and prior
Command Centre Workstations
- 9.10 prior to vEL9.10.1530 (MR2)
- 9.00 prior to vEL9.00.2168 (MR4)
- 8.90 prior to vEL8.90.2155 (MR5)
- 8.80 prior to vEL8.80.1938 (MR6)
- all versions of 8.70 and prior
Source
disclosures@gallagher.com
Tags
CVE-2024-43690 details
Last Modified : Sept. 11, 2024, 4:26 p.m.
Description
Inclusion of Functionality from Untrusted Control Sphere (CWE-829) in the Command Centre Server and Workstations may allow an attacker to perform Remote Code Execution (RCE). This issue affects Command Centre Server and Command Centre Workstations 9.10 prior to vEL9.10.1530 (MR2), 9.00 prior to vEL9.00.2168 (MR4), 8.90 prior to vEL8.90.2155 (MR5), 8.80 prior to vEL8.80.1938 (MR6), and all versions of 8.70 and prior.
CVSS Score
8.0
Weakness
Weakness | Name | Description |
---|---|---|
CWE-829 | Inclusion of Functionality from Untrusted Control Sphere | The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere. |
CVSS Data
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Privileges Required | HIGH |
Scope | CHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Base Score | 8.0 |
Exploitability Score | 1.3 |
Impact Score | 6.0 |
Base Severity | HIGH |
Vector String : CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
References
URL | Source |
---|---|
https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-43690 | disclosures@gallagher.com |