CVE-2021-23155
9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
Improper validation of the cloud certificate chain in Mobile Client allows man-in-the-middle attack to impersonate the legitimate Command Centre Server. This issue affects: Gallagher Command Centre Mobile Client for Android 8.60 versions prior to 8.60.065; version 8.50 and prior versions.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Gallagher | Command Centre Mobile Client for Android | unspecified <= 8.50 | affected |
| Gallagher | Command Centre Mobile Client for Android | 8.60 < 8.60.065 | affected |
Weaknesses
- CWE-296: CWE-296 Improper Following of a Certificate's Chain of Trust
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.