CVE-2021-23162
7.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H
Summary
Improper validation of the cloud certificate chain in Mobile Connect allows man-in-the-middle attack to impersonate the legitimate Command Centre Server. This issue affects: Gallagher Command Centre Mobile Connect for Android 15 versions prior to 15.04.040; version 14 and prior versions.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Gallagher | Command Centre Mobile Connect for Android | unspecified <= 14 | affected |
| Gallagher | Command Centre Mobile Connect for Android | 15 < 15.04.040 | affected |
Weaknesses
- CWE-296: CWE-296 Improper Following of a Certificate's Chain of Trust
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.