CVE-2021-23146

Summary

An Incomplete Comparison with Missing Factors vulnerability in the Gallagher Controller allows an attacker to bypass PIV verification. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); 8.10 versions prior to 8.10.1284 (MR7); version 8.00 and prior versions.

Affected Software

VendorProductVersion RangeStatus
GallagherCommand Center8.40 prior to 8.40.1888 (MR3)affected
GallagherCommand Center8.30 prior to 8.30.1359 (MR3)affected
GallagherCommand Center8.20 prior to 8.20.1259 (MR5)affected
GallagherCommand Center8.10 prior to 8.10.1284 (MR7)affected
GallagherCommand Center8.00 and prioraffected

Weaknesses

  • CWE-1023: CWE-1023

ADP Enrichment

CVE Program Container

Additional References

References