CVE-2023-46686

Summary

A reliance on untrusted inputs in a security decision could be exploited by a privileged user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols.

This issue affects: Gallagher Diagnostics Service prior to v1.3.0 (distributed in 9.00.1507(MR1)).

Affected Software

VendorProductVersion RangeStatus
GallagherCommand Centre Diagnostics Service0 <= 1.3.0affected

Weaknesses

  • CWE-807: CWE-807: Reliance on Untrusted Inputs in a Security Decision

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References